Remove no longer valid warning from core.unpack_srcrpm()

Shell injection is not possible with Popen() which has shell=False as a default.
2025-01-12 00:46:14 +01:00 · 2024-05-28 09:04:56 +02:00 · 2024-05-28 09:04:56 +02:00 · a3ed68508b
commit a3ed68508b
parent e981645791
1 changed files with 0 additions and 2 deletions
--- a/osc/core.py
+++ b/osc/core.py
@ -5181,8 +5181,6 @@ def unpack_srcrpm(srpm, dir, *files):
        with open(os.devnull, 'w') as devnull:
            rpm2cpio_proc = subprocess.Popen(['rpm2cpio'], stdin=fsrpm,
                                             stdout=subprocess.PIPE)
-            # XXX: shell injection is possible via the files parameter, but the
-            #      current osc code does not use the files parameter.
            cpio_proc = subprocess.Popen(['cpio', '-i'] + list(files),
                                         stdin=rpm2cpio_proc.stdout,
                                         stderr=devnull)