[V2,5/7] insane.bbclass: make the checking stricter for unsafe references in scripts

Submitted by Qi.Chen@windriver.com on Nov. 13, 2013, 6:23 a.m.


Message ID 7fc0bd55dfd2feece904f1ce764174f08b9df62f.1384323613.git.Qi.Chen@windriver.com
State New
Headers show

Commit Message

Qi.Chen@windriver.com Nov. 13, 2013, 6:23 a.m.
From: Chen Qi <qi.chen@windriver.com>

Previously, the checking for unsafe references is not strict enough. It
only checks whether '/usr/' is in the script. As a result, any script
containing statements like below will match this check.


However, as we can see, this is actually not an unsafe reference. What
we really want to check is something like '/usr/bin/tail', so we should
make the checking stricter.

This patch solves the QA warning in gzip and nfs-utils.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 meta/classes/insane.bbclass |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index eb440c2..281af95 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -367,7 +367,7 @@  def package_qa_check_unsafe_references_in_scripts(path, name, d, elf, messages):
 		if bool(statinfo.st_mode & stat.S_IXUSR):
 			# grep shell scripts for possible references to /exec_prefix/
 			exec_prefix = d.getVar('exec_prefix', True)
-			statement = "grep -e '%s/' %s > /dev/null" % (exec_prefix, path)
+			statement = "grep -e '%s/[^ :]\{1,\}/[^ :]\{1,\}' %s > /dev/null" % (exec_prefix, path)
 			if subprocess.call(statement, shell=True) == 0:
 				error_msg = pn + ": Found a reference to %s/ in %s" % (exec_prefix, path)
 				package_qa_handle_error("unsafe-references-in-scripts", error_msg, d)