top-complexity: prevent filename-based shell injection risk

As we run this script in CI, this should reduce the risk of mischief

Found by Codex Security

Closes #20969
Daniel Stenberg 2026-03-18 00:14:35 +01:00
parent 80b6cd92af
commit b11f43a4db


@ -60,8 +60,8 @@ if(! -r "lib/url.c" || ! -r "lib/urldata.h") {
} }
my @files; my @files;
open(F, "git ls-files '*.c'|"); open(my $git, "-|", "git", "ls-files", "*.c") or die "git ls-files failed: $!";
while(<F>) { while(<$git>) {
chomp $_; chomp $_;
my $file = $_; my $file = $_;
# we cannot filter these with git so do it here # we cannot filter these with git so do it here
@ -69,9 +69,11 @@ while(<F>) {
push @files, $file; push @files, $file;
} }
} }
close($git);
my $cmd = "$pmccabe ".join(" ", @files); open(my $pmc, "-|", $pmccabe, @files) or die "pmccabe failed: $!";
my @output=`$cmd`; my @output = <$pmc>;
close($pmc);
# these functions can have these scores, but not higher # these functions can have these scores, but not higher
my %whitelist = ( my %whitelist = (
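Review bot: The two added `close()` calls discard their return value, so a non-zero exit from `git ls-files` or `pmccabe` goes unnoticed; the `or die` on each piped `open` only covers failure to start the child. If pmccabe exits with an error, `@output` is empty or partial, and the CI complexity check would presumably pass without having measured anything. Checking the close, e.g. `close($pmc) or die "pmccabe failed: exit status $?";` and the same for `$git`, makes the gate fail closed. Separately, list-form `open` removes the shell, but a tracked file whose name starts with `-` would still reach pmccabe as an option; pushing `"./$file"` onto `@files` would avoid that, provided the later output handling (outside this hunk) tolerates the prefix.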