Change Gitlab::Popen to use arrays for commands

Jacob Vosmaer
1 parent 9f20580e
Showing 2 changed files with 16 additions and 4 deletions Show diff stats
lib/gitlab/popen.rb
spec/lib/gitlab/popen_spec.rb
 require 'fileutils'
+require 'open3'
  
 module Gitlab
   module Popen
     def popen(cmd, path)
+      unless cmd.is_a?(Array)
+        raise "System commands must be given as an array of strings"
+      end
+
       vars = { "PWD" => path }
       options = { chdir: path }
  
@@ -12,10 +17,10 @@ module Gitlab
  
       @cmd_output = ""
       @cmd_status = 0
-      Open3.popen3(vars, cmd, options) do |stdin, stdout, stderr, wait_thr|
-        @cmd_status = wait_thr.value.exitstatus
+      Open3.popen3(vars, *cmd, options) do |stdin, stdout, stderr, wait_thr|
         @cmd_output << stdout.read
         @cmd_output << stderr.read
+        @cmd_status = wait_thr.value.exitstatus
       end
  
       return @cmd_output, @cmd_status
@@ -10,7 +10,7 @@ describe &#39;Gitlab::Popen&#39;, no_db: true do
  
   context 'zero status' do
     before do
-      @output, @status = @klass.new.popen('ls', path)
+      @output, @status = @klass.new.popen(%W(ls), path)
     end
  
     it { @status.should be_zero }
@@ -19,11 +19,18 @@ describe &#39;Gitlab::Popen&#39;, no_db: true do
  
   context 'non-zero status' do
     before do
-      @output, @status = @klass.new.popen('cat NOTHING', path)
+      @output, @status = @klass.new.popen(%W(cat NOTHING), path)
     end
  
     it { @status.should == 1 }
     it { @output.should include('No such file or directory') }
   end
+
+  context 'unsafe string command' do
+    it 'raises an error when it gets called with a string argument' do
+      expect { @klass.new.popen('ls', path) }.to raise_error
+    end
+  end
+
 end
1	1	require 'fileutils'
	2	+require 'open3'
2	3
3	4	module Gitlab
4	5	module Popen
5	6	def popen(cmd, path)
	7	+ unless cmd.is_a?(Array)
	8	+ raise "System commands must be given as an array of strings"
	9	+ end
	10	+
6	11	vars = { "PWD" => path }
7	12	options = { chdir: path }
8	13
...	...	@@ -12,10 +17,10 @@ module Gitlab
12	17
13	18	@cmd_output = ""
14	19	@cmd_status = 0
15		- Open3.popen3(vars, cmd, options) do \|stdin, stdout, stderr, wait_thr\|
16		- @cmd_status = wait_thr.value.exitstatus
	20	+ Open3.popen3(vars, *cmd, options) do \|stdin, stdout, stderr, wait_thr\|
17	21	@cmd_output << stdout.read
18	22	@cmd_output << stderr.read
	23	+ @cmd_status = wait_thr.value.exitstatus
19	24	end
20	25
21	26	return @cmd_output, @cmd_status
...	...
...	...	@@ -10,7 +10,7 @@ describe 'Gitlab::Popen', no_db: true do
10	10
11	11	context 'zero status' do
12	12	before do
13		- @output, @status = @klass.new.popen('ls', path)
	13	+ @output, @status = @klass.new.popen(%W(ls), path)
14	14	end
15	15
16	16	it { @status.should be_zero }
...	...	@@ -19,11 +19,18 @@ describe 'Gitlab::Popen', no_db: true do
19	19
20	20	context 'non-zero status' do
21	21	before do
22		- @output, @status = @klass.new.popen('cat NOTHING', path)
	22	+ @output, @status = @klass.new.popen(%W(cat NOTHING), path)
23	23	end
24	24
25	25	it { @status.should == 1 }
26	26	it { @output.should include('No such file or directory') }
27	27	end
	28	+
	29	+ context 'unsafe string command' do
	30	+ it 'raises an error when it gets called with a string argument' do
	31	+ expect { @klass.new.popen('ls', path) }.to raise_error
	32	+ end
	33	+ end
	34	+
28	35	end
29	36
...	...