[6/8] insane.bbclass: make the checking stricter for unsafe references in scripts

Submitted by Qi.Chen@windriver.com on Nov. 9, 2013, 5:28 a.m.


Message ID 764c24934d2e1e7be976bf602cc4158155383738.1383974819.git.Qi.Chen@windriver.com
State New
Headers show

Commit Message

Qi.Chen@windriver.com Nov. 9, 2013, 5:28 a.m.
From: Chen Qi <qi.chen@windriver.com>

Previously, the checking for unsafe references is not strict enough. It
only checks whether '/usr/' is in the script. As a result, any script
containing statements like below will match this check.


However, as we can see, this is actually not an unsafe reference. What
we really want to check is something like '/usr/bin/tail', so we should
make the checking stricter.

This patch solves the QA warning in gzip and nfs-utils.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 meta/classes/insane.bbclass |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index eb440c2..281af95 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -367,7 +367,7 @@  def package_qa_check_unsafe_references_in_scripts(path, name, d, elf, messages):
 		if bool(statinfo.st_mode & stat.S_IXUSR):
 			# grep shell scripts for possible references to /exec_prefix/
 			exec_prefix = d.getVar('exec_prefix', True)
-			statement = "grep -e '%s/' %s > /dev/null" % (exec_prefix, path)
+			statement = "grep -e '%s/[^ :]\{1,\}/[^ :]\{1,\}' %s > /dev/null" % (exec_prefix, path)
 			if subprocess.call(statement, shell=True) == 0:
 				error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path)
 				package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)