Issue 638649 link

Starred by 0 users

Issue metadata

Status:	Archived
Owner:	----
Closed:	Jan 10
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug
Hotlist-Fixit

Unescaped command string formatting/shell injection

Project Member Reported by ayatane@chromium.org, Aug 17 2016

Issue description

There are calls to host.run() that format command strings naively, potentially vulnerable to injection or bugs.

Example in autotest server/crashcollect.py

Comment 1 by ayatane@chromium.org, Jun 20 2017

Labels: Hotlist-Fixit
Owner: ----

Comment 2 by benhenry@google.com, Jan 10

Status: Archived (was: Untriaged)

Archiving P3s older than 1 year with no owner or component.

►

Issue 638649 link

Issue metadata

Unescaped command string formatting/shell injection

Issue description

Comment 1 by ayatane@chromium.org, Jun 20 2017

Comment 1 Deleted

Comment 2 by benhenry@google.com, Jan 10

Comment 2 Deleted

Sign in to add a comment