Skip to content

Commit 48d2e80

Browse files
laanwjlaanwj
committed
test: Don't use shell=True in lint-files.py
Avoid the use of shell=True.
1 parent 85aea18 commit 48d2e80

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

test/lint/lint-files.py

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,10 @@
1414
from typing import Optional, NoReturn
1515

1616
CMD_TOP_LEVEL = ["git", "rev-parse", "--show-toplevel"]
17-
CMD_ALL_FILES = "git ls-files -z --full-name"
18-
CMD_SOURCE_FILES = 'git ls-files -z --full-name -- "*.[cC][pP][pP]" "*.[hH]" "*.[pP][yY]" "*.[sS][hH]"'
19-
CMD_SHEBANG_FILES = "git grep --full-name --line-number -I '^#!'"
17+
CMD_ALL_FILES = ["git", "ls-files", "-z", "--full-name"]
18+
CMD_SOURCE_FILES = ["git", "ls-files", "-z", "--full-name", "--", "*.[cC][pP][pP]", "*.[hH]", "*.[pP][yY]", "*.[sS][hH]"]
19+
CMD_SHEBANG_FILES = ["git", "grep", "--full-name", "--line-number", "-I", "^#!"]
20+
2021
ALLOWED_FILENAME_REGEXP = "^[a-zA-Z0-9/_.@][a-zA-Z0-9/_.@-]*$"
2122
ALLOWED_SOURCE_FILENAME_REGEXP = "^[a-z0-9_./-]+$"
2223
ALLOWED_SOURCE_FILENAME_EXCEPTION_REGEXP = (
@@ -73,7 +74,7 @@ def check_all_filenames() -> int:
7374
Checks every file in the repository against an allowed regexp to make sure only lowercase or uppercase
7475
alphanumerics (a-zA-Z0-9), underscores (_), hyphens (-), at (@) and dots (.) are used in repository filenames.
7576
"""
76-
filenames = check_output(CMD_ALL_FILES, shell=True).decode("utf8").rstrip("\0").split("\0")
77+
filenames = check_output(CMD_ALL_FILES).decode("utf8").rstrip("\0").split("\0")
7778
filename_regex = re.compile(ALLOWED_FILENAME_REGEXP)
7879
failed_tests = 0
7980
for filename in filenames:
@@ -92,7 +93,7 @@ def check_source_filenames() -> int:
9293
9394
Additionally there is an exception regexp for directories or files which are excepted from matching this regexp.
9495
"""
95-
filenames = check_output(CMD_SOURCE_FILES, shell=True).decode("utf8").rstrip("\0").split("\0")
96+
filenames = check_output(CMD_SOURCE_FILES).decode("utf8").rstrip("\0").split("\0")
9697
filename_regex = re.compile(ALLOWED_SOURCE_FILENAME_REGEXP)
9798
filename_exception_regex = re.compile(ALLOWED_SOURCE_FILENAME_EXCEPTION_REGEXP)
9899
failed_tests = 0
@@ -111,7 +112,7 @@ def check_all_file_permissions() -> int:
111112
112113
Additionally checks that for executable files, the file contains a shebang line
113114
"""
114-
filenames = check_output(CMD_ALL_FILES, shell=True).decode("utf8").rstrip("\0").split("\0")
115+
filenames = check_output(CMD_ALL_FILES).decode("utf8").rstrip("\0").split("\0")
115116
failed_tests = 0
116117
for filename in filenames:
117118
file_meta = FileMeta(filename)
@@ -156,7 +157,7 @@ def check_shebang_file_permissions() -> int:
156157
"""
157158
Checks every file that contains a shebang line to ensure it has an executable permission
158159
"""
159-
filenames = check_output(CMD_SHEBANG_FILES, shell=True).decode("utf8").strip().split("\n")
160+
filenames = check_output(CMD_SHEBANG_FILES).decode("utf8").strip().split("\n")
160161

161162
# The git grep command we use returns files which contain a shebang on any line within the file
162163
# so we need to filter the list to only files with the shebang on the first line

0 commit comments

Comments
 (0)