run_process logs the command without escaping parameters such that the commands logged are not valid #73321

Closed
wgianopoulos mannequin opened this issue Jan 2, 2017 · 6 comments
Labels
3.7 (EOL) end of life stdlib Python modules in the Lib dir

Comments

@wgianopoulos
Mannequin

wgianopoulos mannequin commented Jan 2, 2017

BPO 29135
Nosy @bitdancer

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


GitHub fields:

assignee = None
closed_at = <Date 2017-01-02.21:38:42.454>
created_at = <Date 2017-01-02.20:37:59.674>
labels = ['3.7', 'library']
title = 'run_proces logs the command without escaping parmaeters such that the coammns logged are not valid'
updated_at = <Date 2017-01-03.01:00:12.234>
user = 'https://bugs.python.org/wgianopoulos'

bugs.python.org fields:

activity = <Date 2017-01-03.01:00:12.234>
actor = 'r.david.murray'
assignee = 'none'
closed = True
closed_date = <Date 2017-01-02.21:38:42.454>
closer = 'wgianopoulos'
components = ['Library (Lib)']
creation = <Date 2017-01-02.20:37:59.674>
creator = 'wgianopoulos'
dependencies = []
files = []
hgrepos = []
issue_num = 29135
keywords = []
message_count = 6.0
messages = ['284498', '284503', '284505', '284506', '284507', '284508']
nosy_count = 2.0
nosy_names = ['r.david.murray', 'wgianopoulos']
pr_nums = []
priority = 'normal'
resolution = 'third party'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue29135'
versions = ['Python 3.7']

@wgianopoulos
Mannequin Author

wgianopoulos mannequin commented Jan 2, 2017

So, the arguments to run_process are not escaped when logged such that the logged command is un-parsable.
The following call:

self.run_process(['notify-send', '--app-name', 'Mozilla Build System', 'Mozilla Build System', msg]) where msg='Build complete'

ends up logging the following:

/usr/bin/notify-send --app-name Mozilla Build System Mozilla Build System Build complete

Where to be a valid command it needs to be:

/usr/bin/notify-send --app-name 'Mozilla Build System' 'Mozilla Build System' 'Build complete'

So, I think this needs to either not log the command at all or for each parameter replace any occurrence of the character "'" with "\'" and then enclose the entire parameter with "'" to make sure the logged command can actually be properly parsed.

@wgianopoulos wgianopoulos mannequin added 3.7 (EOL) end of life stdlib Python modules in the Lib dir labels Jan 2, 2017
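
The logging behaviour reported above, next to the quoted form the reporter asks for, as an added example that is not part of the original thread or of the Mozilla build system's code. It uses Python's standard `shlex.quote` rather than the backslash scheme suggested in the report; the function names and the second sample argv are constructed for illustration.

```python
import shlex


def naive_log_line(argv):
    """What the report describes: arguments joined with bare spaces."""
    return " ".join(argv)


def quoted_log_line(argv):
    """Quote each argument so the logged line parses back to the same argv."""
    # shlex.quote wraps unsafe arguments in single quotes; an embedded single
    # quote is emitted as '"'"' because POSIX single quotes have no escape.
    return " ".join(shlex.quote(arg) for arg in argv)


def round_trips(line, argv):
    """True when a POSIX shell-style parse of `line` yields exactly `argv`."""
    try:
        return shlex.split(line) == list(argv)
    except ValueError:  # unbalanced quote in the logged text
        return False


# The call from the report.
REPORTED = ["/usr/bin/notify-send", "--app-name", "Mozilla Build System",
            "Mozilla Build System", "Build complete"]
# Constructed sample: a message with a quote and shell metacharacters.
TRICKY = ["/usr/bin/notify-send", "--app-name", "Mozilla Build System",
          "Mozilla Build System", "it's done; see $HOME/log"]

if __name__ == "__main__":
    for argv in (REPORTED, TRICKY):
        for render in (naive_log_line, quoted_log_line):
            line = render(argv)
            print(f"{render.__name__:16} ok={round_trips(line, argv)!s:5} {line}")
```

A log line that parses back to the original argv is unambiguous for whoever audits it, and it can be pasted into a shell without spaces, quotes or `$` in an argument being reinterpreted.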
@bitdancer
Member

What is run_process? I'm not getting any hits from grep on the standard library.

@wgianopoulos
Mannequin Author

wgianopoulos mannequin commented Jan 2, 2017

Well, I could be screwed up; perhaps it is something provided in the Mozilla
Python environment. I was going by the fact that Google searches on python
run-process returned things, including other reported issues, that made me
think it was not.


@wgianopoulos
Mannequin Author

wgianopoulos mannequin commented Jan 2, 2017

OK, it appears it might be a third-party Python utility library. I will
try to track this down and report it there and close this issue once I sort
it out.


@wgianopoulos
Mannequin Author

wgianopoulos mannequin commented Jan 2, 2017

I would like to keep this open until I figure this out so I can provide a pointer to where the real issue is being tracked. I should have time to do that tomorrow. Sounds like this is part of some third-party add-on Python library that is normally provided with Linux builds.

@wgianopoulos
Mannequin Author

wgianopoulos mannequin commented Jan 2, 2017

It seems it is part of the Mozilla build system. I closed this issue.

@wgianopoulos wgianopoulos mannequin added the invalid label Jan 2, 2017
@wgianopoulos wgianopoulos mannequin closed this as completed Jan 2, 2017
@bitdancer bitdancer removed the invalid label Jan 3, 2017
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022