mirror of https://github.com/openSUSE/osc.git (synced 2025-09-06 21:28:42 +02:00)
Actually, there is nothing that can be injected, except the "-h"
option. However, in case rpm2cpio evolves, we are on the safe side.
Also, document the potential shell injection in the cpio call
(the comment was accidentally removed in commit dbdc712) (the
current osc code is not affected, because we never pass filenames
via *files to core.unpack_srcrpm).
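
The two risks the commit message names, a leading "-" read as an option by rpm2cpio and shell parsing of names in the cpio call, shown as an added example that is not osc's code and not part of this commit. All function names and the sample file names are hypothetical and constructed for illustration.

```python
import os
import shlex
import subprocess


def quoted_shell_form(srpm):
    """Shell-string variant: quoting stops metacharacters, not a leading '-'."""
    return "rpm2cpio %s | cpio -i" % shlex.quote(srpm)


def as_path_operand(name):
    """Make a name that starts with '-' read as a path instead of an option."""
    return os.path.join(os.curdir, name) if name.startswith("-") else name


def unpack_argv(srpm, files=()):
    """Build both argv lists; no shell ever parses them."""
    for pattern in files:
        if pattern.startswith("-"):
            # A cpio pattern cannot be prefixed without changing what it matches.
            raise ValueError("pattern looks like an option: %r" % pattern)
    return ["rpm2cpio", as_path_operand(srpm)], ["cpio", "-i", *files]


def unpack_srcrpm_safely(srpm, dest, files=()):
    """Run rpm2cpio | cpio as two processes joined by a pipe, without a shell."""
    rpm2cpio_argv, cpio_argv = unpack_argv(srpm, files)
    with subprocess.Popen(rpm2cpio_argv, stdout=subprocess.PIPE) as producer:
        consumer = subprocess.run(cpio_argv, stdin=producer.stdout, cwd=dest,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL)
    return producer.returncode or consumer.returncode


if __name__ == "__main__":
    # Constructed file names, not taken from osc.
    for name in ("pkg.src.rpm", "pkg;name.src.rpm", "-h"):
        print(quoted_shell_form(name), "|", unpack_argv(name)[0])
```

Shell quoting leaves "-h" untouched, so the option reaches rpm2cpio even in a correctly quoted command string; only the path prefix removes that case.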