From 38df679a88a19db3a4a82fdb8e20a42c9a53d1a1 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 22 Oct 2018 19:12:39 +0200
Subject: Optimize the handling of problematic files
---
 libmat2/abstract.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'libmat2/abstract.py')
diff --git a/libmat2/abstract.py b/libmat2/abstract.py
index 414a68b..9b510f6 100644
--- a/libmat2/abstract.py
+++ b/libmat2/abstract.py
@@ -1,5 +1,6 @@
 import abc
 import os
+import re
 from typing import Set, Dict, Union
 assert Set # make pyflakes happy
@@ -17,6 +18,11 @@ class AbstractParser(abc.ABC):
 """
 :raises ValueError: Raised upon an invalid file
 """
+ if re.search('^[a-z0-9./]', filename) is None:
+ # Some parsers are calling external binaries,
+ # this prevents shell command injections
+ filename = os.path.join('.', filename)
+
 self.filename = filename
 fname, extension = os.path.splitext(filename)
 self.output_filename = fname + '.cleaned' + extension
--
cgit v1.3
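Review bot: The comment on the added `if re.search('^[a-z0-9./]', filename) is None:` guard says it prevents shell command injection, but the check inspects only the first character, so what it actually covers is a name such as one beginning with `-` being read as an option by an external binary. Metacharacters later in the name are left untouched, so the protection presumably still depends on each parser passing the filename as a single argv element rather than through a shell; that calling code is not visible here. I would reword the comment to `# Prefix './' so a name starting with '-' is not parsed as an option by external binaries; parsers must still pass it as one argv element, never via a shell`. As a style point, `re.match(r'[a-z0-9./]', filename)` says the same without the explicit anchor, and a name with an uppercase first letter also gets the `./` prefix, which then shows up in `self.output_filename`. The enclosing method starts and ends outside the hunk.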