commit:     d156784fd7557e8f5ce8a6de5cd3a6a38a78e436
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Fri Nov  8 04:52:42 2019 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Fri Nov  8 04:54:37 2019 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=d156784f

repoman: fix unsafe string interpolation (bug 699508)

Reported-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Bug: https://bugs.gentoo.org/699508
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 repoman/lib/repoman/modules/linechecks/controller.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/repoman/lib/repoman/modules/linechecks/controller.py 
b/repoman/lib/repoman/modules/linechecks/controller.py
index 7082a5d02..b468e348d 100644
--- a/repoman/lib/repoman/modules/linechecks/controller.py
+++ b/repoman/lib/repoman/modules/linechecks/controller.py
@@ -1,4 +1,6 @@
 
+from __future__ import unicode_literals
+
 import logging
 import operator
 import os
@@ -136,7 +138,8 @@ class LineCheckController(object):
                                                if not ignore or not 
ignore.match(line):
                                                        e = lc.check(num, line)
                                                        if e:
-                                                               yield 
lc.repoman_check_name, e % (num + 1)
+                                                               # String 
interpolation on the variable e is unsafe because it can contain % characters.
+                                                               yield 
lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % strnum + 1)
 
                for lc in checks:
                        i = lc.end()
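Review bot: The added `yield` line will raise instead of reporting the line number, because `'on line: %d' % strnum + 1` parses as `('on line: %d' % strnum) + 1`, which adds an int to a str. `strnum` is also not defined anywhere in the visible hunk; the surrounding lines use `num`, so it may be a NameError unless it is bound outside the hunk. Assuming `num` is the intended value, the line should read `yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % (num + 1))`. The fix also depends on every check message containing the literal `on line: %d`, so a regression test with an ebuild line containing `%` would help. The enclosing method starts outside the hunk.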
