diff mbox series

rteval: restrict kernel source download with invalid file extensions

Message ID 20220803204122.1091137-1-magodse@redhat.com
State New
Headers show
Series rteval: restrict kernel source download with invalid file extensions | expand

Commit Message

Manasi Godse Aug. 3, 2022, 8:41 p.m. UTC 
If the user inputs an extension other than tar.xz or tar.gz to the -S or --source-download option, the
program should exit.

Signed-off-by: Manasi Godse <magodse@redhat.com>
---
 rteval-cmd | 4 ++++
 1 file changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/rteval-cmd b/rteval-cmd
index c1a68bd5133b..e4a6bcb223da 100755
--- a/rteval-cmd
+++ b/rteval-cmd
@@ -275,6 +275,10 @@  if __name__ == '__main__':
                 major_version = re.search(r"\d{1,2}", kernel_prefix).group(0)
                 url = "https://kernel.org/pub/linux/kernel/v" + major_version + ".x/"
 
+            file_ext = rtevcfg.srcdownload.split(kernel_prefix)[-1]
+
+            if file_ext and file_ext not in ('.tar.xz', '.tar.gz'):
+                sys.exit("Invalid file extension for the kernel source. Exiting")
 
             if rtevcfg.srcdownload.endswith(".gz") or 'rc' in rtevcfg.srcdownload:
                 rtevcfg.srcdownload = "linux-" + kernel_prefix + ".tar.gz"