
Commit bf41aba

committed
disallow certain characters
1 parent 99272f9 commit bf41aba

2 files changed

Lines changed: 24 additions & 8 deletions


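--- a/lib/cppcheck.cpp
+++ b/lib/cppcheck.cpp
@@ -306,8 +306,22 @@ namespace {
 
 std::string CppCheck::cmdFileName(std::string f)
 {
+// do not allow characters that potentially has a special meaning for the shell
+const auto badpos = f.find_first_of("\t\n\r;$<>|&`");
+if (badpos != std::string::npos) {
+std::string c;
+if (f[badpos] == '\n')
+c = "<new-line>";
+else if (f[badpos] == '\r')
+c = "<carriage-return>";
+else if (f[badpos] == '\t')
+c = "<tab>";
+else
+c += f[badpos];
+throw std::runtime_error("Cppcheck does not allow character " + c + " in filename " + f);
+}
 f = Path::toNativeSeparators(std::move(f));
-if (f.find_first_of(" \t;$<>|&`\n") != std::string::npos)
+if (f.find(' ') != std::string::npos)
 return "\"" + f + "\"";
 return f;
 }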
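Review bot: The rejected set passed to `find_first_of` leaves out the double quote, yet the function still wraps names containing a space in `"` further down, so a name that itself contains `"` ends that quoting early. The single quote, parentheses and glob characters are likewise still returned unquoted when no space is present. Assuming the result is interpolated into a shell command line, as the added comment suggests, add at least `\"` and `'` to the set, or check the name against an allowlist of characters expected in paths instead of a denylist. The exception text also appends the raw `f`, so a newline or carriage return in the name is echoed verbatim by whatever prints the message; escaping it the same way as `c` would keep the output on one line.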

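--- a/test/testcppcheck.cpp
+++ b/test/testcppcheck.cpp
@@ -626,13 +626,15 @@ class TestCppcheck : public TestFixture {
 void cmdFileName() const {
 ASSERT_EQUALS("x", CppCheck::cmdFileName("x"));
 ASSERT_EQUALS("\" \"", CppCheck::cmdFileName(" "));
-ASSERT_EQUALS("\"\t\"", CppCheck::cmdFileName("\t"));
-ASSERT_EQUALS("\";\"", CppCheck::cmdFileName(";"));
-ASSERT_EQUALS("\">\"", CppCheck::cmdFileName(">"));
-ASSERT_EQUALS("\"<\"", CppCheck::cmdFileName("<"));
-ASSERT_EQUALS("\"|\"", CppCheck::cmdFileName("|"));
-ASSERT_EQUALS("\"`\"", CppCheck::cmdFileName("`"));
-ASSERT_EQUALS("\"$\"", CppCheck::cmdFileName("$"));
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("\t"), std::runtime_error, "Cppcheck does not allow character <tab> in filename \t");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("\r"), std::runtime_error, "Cppcheck does not allow character <carriage-return> in filename \r");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("\n"), std::runtime_error, "Cppcheck does not allow character <new-line> in filename \n");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName(";"), std::runtime_error, "Cppcheck does not allow character ; in filename ;");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName(">"), std::runtime_error, "Cppcheck does not allow character > in filename >");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("<"), std::runtime_error, "Cppcheck does not allow character < in filename <");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("|"), std::runtime_error, "Cppcheck does not allow character | in filename |");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("`"), std::runtime_error, "Cppcheck does not allow character ` in filename `");
+ASSERT_THROW_EQUALS(CppCheck::cmdFileName("$"), std::runtime_error, "Cppcheck does not allow character $ in filename $");
 }
 
 // TODO: test suppressions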
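Review bot: `&` is in the rejected set in lib/cppcheck.cpp but has no case in `cmdFileName()` here, and every input is a single character. Nothing therefore checks that a rejected character inside a longer path is found, or that a name holding both a space and a rejected character throws instead of being quoted. Add `ASSERT_THROW_EQUALS(CppCheck::cmdFileName("&"), std::runtime_error, "Cppcheck does not allow character & in filename &");` and one multi-character case such as `CppCheck::cmdFileName("a b;c")` expecting the `;` message.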
