Sophie

Sophie

distrib > Mageia > 8 > armv7hl > by-pkgid > 599ad2e68c4e09226090c02658af44cf > files > 4

crmsh-4.2.0-0.39d42c2.2.mga8.src.rpm

diff --git a/crmsh/history.py b/crmsh/history.py
index 0dc725c..2e9d4fd 100644
--- a/crmsh/history.py
+++ b/crmsh/history.py
@@ -465,6 +465,8 @@ class Report(object):
             return None
 
         d = self._live_loc()
+        if not utils.is_path_sane(d):
+            return None
         utils.rmdir_r(d)
         tarball = "%s.tar.bz2" % d
         to_option = ""
@@ -473,8 +475,7 @@ class Report(object):
         nodes_option = ""
         if self.setnodes:
             nodes_option = "'-n %s'" % ' '.join(self.setnodes)
-        if utils.pipe_cmd_nosudo("mkdir -p %s" % os.path.dirname(d)) != 0:
-            return None
+        utils.mkdirp(os.path.dirname(d))
         common_info("Retrieving information from cluster nodes, please wait...")
         rc = utils.pipe_cmd_nosudo("%s -Z -Q -f '%s' %s %s %s %s" %
                                    (extcmd,
@@ -981,6 +982,8 @@ class Report(object):
 
     def manage_session(self, subcmd, name):
         session_dir = self.get_session_dir(name)
+        if not utils.is_path_sane(session_dir):
+            return False
         if subcmd == "save" and os.path.exists(session_dir):
             common_err("history session %s exists" % name)
             return False
@@ -988,8 +991,7 @@ class Report(object):
             common_err("history session %s does not exist" % name)
             return False
         if subcmd == "save":
-            if utils.pipe_cmd_nosudo("mkdir -p %s" % session_dir) != 0:
-                return False
+            utils.mkdirp(session_dir)
             if self.source == "live":
                 rc = utils.pipe_cmd_nosudo("tar -C '%s' -c . | tar -C '%s' -x" %
                                            (self._live_loc(), session_dir))
diff --git a/crmsh/utils.py b/crmsh/utils.py
index 123c354..9383a6e 100644
--- a/crmsh/utils.py
+++ b/crmsh/utils.py
@@ -15,6 +15,7 @@ import bz2
 import fnmatch
 import gc
 import ipaddress
+from pathlib import Path
 from contextlib import contextmanager, closing
 from . import config
 from . import userdir
@@ -657,14 +658,14 @@ def safe_close_w(f):
 
 
 def is_path_sane(name):
-    if re.search(r"['`#*?$\[\]]", name):
+    if re.search(r"['`#*?$\[\];]", name):
         common_err("%s: bad path" % name)
         return False
     return True
 
 
 def is_filename_sane(name):
-    if re.search(r"['`/#*?$\[\]]", name):
+    if re.search(r"['`/#*?$\[\];]", name):
         common_err("%s: bad filename" % name)
         return False
     return True
@@ -793,11 +794,11 @@ def lock(lockdir):
             rmdir_r(os.path.join(lockdir, _LOCKDIR))
 
 
-def mkdirp(d, mode=0o777):
-    if os.path.isdir(d):
-        return True
-    os.makedirs(d, mode=mode)
-
+def mkdirp(directory, mode=0o777, parents=True, exist_ok=True):
+    """
+    Same behavior as the POSIX mkdir -p command
+    """
+    Path(directory).mkdir(mode, parents, exist_ok)
 
 def pipe_cmd_nosudo(cmd):
     if options.regression_tests:

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional