Skip to content

Commit

Permalink
Prevent shell injection when converting INO file to CPP // Resolve #4532
Browse files Browse the repository at this point in the history
  • Loading branch information
ivankravets committed Jan 27, 2023
1 parent 0d57a79 commit 15d53c9
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions HISTORY.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,11 @@ PlatformIO Core 6

**A professional collaborative platform for declarative, safety-critical, and test-driven embedded development.**

6.1.7 (2023-??-??)
~~~~~~~~~~~~~~~~~~

* Prevented shell injection when converting INO file to CPP (`issue #4532 <https://github.com/platformio/platformio-core/issues/4532>`_)

6.1.6 (2023-01-23)
~~~~~~~~~~~~~~~~~~

Expand Down
2 changes: 1 addition & 1 deletion platformio/builder/tools/pioino.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ def merge(self, nodes):
return "\n".join(["#include <Arduino.h>"] + lines) if lines else None

def process(self, contents):
out_file = self._main_ino + ".cpp"
out_file = re.sub(r"[\"\'\;]+", "", self._main_ino, flags=re.I) + ".cpp"
assert self._gcc_preprocess(contents, out_file)
contents = self.read_safe_contents(out_file)
contents = self._join_multiline_strings(contents)
Expand Down

0 comments on commit 15d53c9

Please sign in to comment.