diff options
author | Anant Patil <anant.patil@hp.com> | 2015-09-10 11:27:25 +0530 |
---|---|---|
committer | Anant Patil <anant.patil@hp.com> | 2015-09-22 10:37:11 +0530 |
commit | 2710bba2cb3b2cfb52488fe7aa84d5b385d61c30 (patch) | |
tree | b1a5e353ab4cc8b946a1efb4a1bf1f213f2fdca7 /bin | |
parent | f427a69443d9f50c50ecc9dadaee7e393e21d166 (diff) | |
download | heat-cfntools-2710bba2cb3b2cfb52488fe7aa84d5b385d61c30.tar.gz |
Convert all internal commands to list
Make all internal commands as list to avoid any possibility of command
line injection. Commands supplied as string are susceptible to
substitution.
All the internal commands are supplied as list to CommandRunner. As a
convention, all the commands must be given as list to subprocess except
the commands read from file, like in case of cfn hooks and commands
section in metadata.
Few internal commands require shell redirects and they will be
implemented in another patch.
Change-Id: Ifabaf44e341144bc85508dc05c76b1d83e41ae44
Partial-Bug: #1312246
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/cfn-signal | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/bin/cfn-signal b/bin/cfn-signal index a8ab7c7..7fce58e 100755 --- a/bin/cfn-signal +++ b/bin/cfn-signal @@ -100,14 +100,19 @@ body = { "UniqueId": unique_id, "Data": args.data } +data = cfn_helper.json.dumps(body) -insecure = "" +cmd = ['curl'] if args.insecure: - insecure = "--insecure" + cmd.append('--insecure') +cmd.extend([ + '-X', 'PUT', + '-H', 'Content-Type:', + '--data-binary', data, + args.url +]) -cmd_str = ("curl %s -X PUT -H \'Content-Type:\' --data-binary \'%s\' \"%s\"" % - (insecure, cfn_helper.json.dumps(body), args.url)) -command = cfn_helper.CommandRunner(cmd_str).run() +command = cfn_helper.CommandRunner(cmd).run() if command.status != 0: LOG.error(command.stderr) sys.exit(command.status) |