From: Chen Qi Date: Fri, 19 Feb 2016 02:38:39 +0000 (+0800) Subject: insane.bbclass: make the checking stricter for unsafe references in scripts X-Git-Tag: 2016-4~589 X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=f818f7359c1a5db2c5c041c42eecb9f0434d9800;p=openembedded-core.git insane.bbclass: make the checking stricter for unsafe references in scripts Previously, the checking for unsafe references is not strict enough. It only checks whether '/usr/' is in the script. As a result, any script containing statements like below will match this check. PATH="/bin:/sbin:/usr/bin:/usr/sbin" However, as we can see, this is actually not an unsafe reference. What we really want to check is something like '/usr/bin/tail', so we should make the checking stricter. This patch solves the QA warning in gzip and nfs-utils. Signed-off-by: Chen Qi Signed-off-by: Ross Burton --- diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index b9adea77c8..ebf92ac621 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass @@ -428,7 +428,7 @@ def package_qa_check_unsafe_references_in_scripts(path, name, d, elf, messages): if bool(statinfo.st_mode & stat.S_IXUSR): # grep shell scripts for possible references to /exec_prefix/ exec_prefix = d.getVar('exec_prefix', True) - statement = "grep -e '%s/' %s > /dev/null" % (exec_prefix, path) + statement = "grep -e '%s/[^ :]\{1,\}/[^ :]\{1,\}' %s > /dev/null" % (exec_prefix, path) if subprocess.call(statement, shell=True) == 0: error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path) package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)