Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

插件执行命令采用传参替代字符串拼接 #1840

Merged
merged 2 commits into from
Sep 19, 2022
Merged

Conversation

hhyo
Copy link
Owner

@hhyo hhyo commented Sep 19, 2022

  • 规避os注入风险
  • 适配各种特殊字符参数值

@codecov
Copy link

codecov bot commented Sep 19, 2022

Codecov Report

Base: 76.08% // Head: 75.96% // Decreases project coverage by -0.12% ⚠️

Coverage data is based on head (941712d) compared to base (8cdb232).
Patch coverage: 93.20% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1840      +/-   ##
==========================================
- Coverage   76.08%   75.96%   -0.13%     
==========================================
  Files          91       91              
  Lines       14195    14131      -64     
==========================================
- Hits        10800    10734      -66     
- Misses       3395     3397       +2     
Impacted Files Coverage Δ
sql/archiver.py 56.74% <0.00%> (-0.23%) ⬇️
sql/plugins/my2sql.py 100.00% <ø> (ø)
sql/plugins/sqladvisor.py 100.00% <ø> (ø)
sql/binlog.py 84.37% <75.00%> (-1.01%) ⬇️
sql/plugins/soar.py 92.10% <83.33%> (-1.78%) ⬇️
sql/instance.py 51.85% <100.00%> (-0.88%) ⬇️
sql/plugins/plugin.py 92.68% <100.00%> (+1.77%) ⬆️
sql/plugins/pt_archiver.py 100.00% <100.00%> (ø)
sql/plugins/schemasync.py 100.00% <100.00%> (ø)
sql/plugins/tests.py 100.00% <100.00%> (ø)
... and 3 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@hhyo hhyo requested a review from nick2wang September 19, 2022 10:29
@hhyo hhyo merged commit 2fc1d16 into master Sep 19, 2022
@hhyo hhyo deleted the plugins-shell branch September 19, 2022 13:45
@nick2wang
Copy link
Collaborator

👏

nick2wang pushed a commit to nick2wang/Archery that referenced this pull request Nov 8, 2022
* 插件执行全部采用shell=False的形式,规避安全风险 fix hhyo#1842

(cherry picked from commit 2fc1d16)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants