Sanitize user input using Shellwords.escape and bump patch number
rcook authored and Richard Cook committed Aug 2, 2013
1 parent 00a2b68 commit b819b13
Showing 2 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion lib/rgpg/gem_info.rb
@@ -2,7 +2,7 @@ module Rgpg
module GemInfo
MAJOR_VERSION = 0
MINOR_VERSION = 2
PATCH_VERSION = 2
PATCH_VERSION = 3

def self.version_string
[MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION].join('.')
7 changes: 4 additions & 3 deletions lib/rgpg/gpg_helper.rb
@@ -1,4 +1,5 @@
require 'tempfile'
require 'shellwords'

module Rgpg
module GpgHelper
@@ -10,7 +11,7 @@ def self.generate_key_pair(key_base_name, recipient, real_name)
begin
script_file.write(script)
script_file.close
result = system("gpg --batch --gen-key #{script_file.path}")
result = system("gpg --batch --gen-key #{Shellwords.escape(script_file.path)}")
raise RuntimeError.new('gpg failed') unless result
ensure
script_file.close
@@ -62,12 +63,12 @@ def self.run_gpg(*args)
'gpg',
'--no-default-keyring'
] + args
command_line = fragments.join(' ')
command_line = fragments.collect { |fragment| Shellwords.escape(fragment) }.join(' ')

output_file = Tempfile.new('gpg-output')
begin
output_file.close
result = system("#{command_line} > #{output_file.path} 2>&1")
result = system("#{command_line} > #{Shellwords.escape(output_file.path)} 2>&1")
ensure
output_file.unlink
end
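Review bot: Both `system` calls, in `generate_key_pair` and in `run_gpg`, still hand a single interpolated string to the shell, so the command is only as safe as the escaping of every fragment. Passing the arguments as a list bypasses the shell and removes the need for escaping: `result = system('gpg', '--batch', '--gen-key', script_file.path)` and `result = system(*fragments, out: output_file.path, err: [:child, :out])`. Escaping also does not stop a value that begins with `-` from being read by gpg as an option, so if `args` can carry untrusted file names they should be validated before they reach `run_gpg`; the callers are not visible here. Both method bodies start or end outside the hunks shown.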
