Use IPC::System::Simple capturex instead of capture
capturex avoids using the shell at all, which is the
proper way to prevent shell meta-character injection.
Also remove a comment that would use the shell if
it were uncommented and changed from qq to qx.
See-also: http://bonedaddy.net/pabs3/log/2014/02/17/pid-preservation-society/
Paul Wise
6 years ago
| 22 | 22 | use warnings FATAL => 'all'; |
| 23 | 23 | use autodie qw(:all); |
| 24 | 24 | use v5.14; |
| 25 | use IPC::System::Simple qw(capture); | |
| 25 | use IPC::System::Simple qw(capturex); | |
| 26 | 26 | |
| 27 | 27 | $ENV{LC_ALL} = 'C'; |
| 28 | 28 | |
| 109 | 109 | sub get_build_ids_from_core |
| 110 | 110 | { |
| 111 | 111 | my ($filename) = @_; |
| 112 | my $output = capture("eu-unstrip -n --core=\Q$filename\E"); | |
| 112 | my $output = capturex(qw(eu-unstrip -n --core), $filename); | |
| 113 | 113 | |
| 114 | 114 | return parse_eu_unstrip($output); |
| 115 | 115 | } |
| 117 | 117 | sub get_build_ids_from_pid |
| 118 | 118 | { |
| 119 | 119 | my ($pid) = @_; |
| 120 | my $output = capture("eu-unstrip -n -p \Q$pid\E"); | |
| 120 | my $output = capturex(qw(eu-unstrip -n -p), $pid); | |
| 121 | 121 | chomp $output; |
| 122 | 122 | |
| 123 | 123 | return parse_eu_unstrip($output); |
| 129 | 129 | |
| 130 | 130 | my $output; |
| 131 | 131 | eval { |
| 132 | $output = capture("grep-aptavail -s Package -F Build-IDs \Q$id\E"); | |
| 132 | $output = capturex(qw(grep-aptavail -s Package -F Build-IDs), $id); | |
| 133 | 133 | }; |
| 134 | 134 | if ($@) { |
| 135 | 135 | return; |
| 150 | 150 | sub is_core_file |
| 151 | 151 | { |
| 152 | 152 | my ($filename) = (@_); |
| 153 | # warn qq{eu-readelf -n \Q$filename\E}; | |
| 154 | my $output = capture("eu-readelf -h \Q$filename\E"); | |
| 153 | my $output = capturex(qw(eu-readelf -h), $filename); | |
| 155 | 154 | if ($output =~ /^\s*Type:\s*CORE/m) { |
| 156 | 155 | return 1; |
| 157 | 156 | } |