Daniel Shahaf wrote:
I think that's the wrong fix. Input validation should be done by checking that the input is valid, not by ruling out every known invalid value.[1] In this case: by checking os.path.exists() at the point in the code that tries to interpret the argument as a filename.
Fixed in the attached patch. Regards. -- Masaru Tsuchiyama <m.tma...@gmail.com>
Index: gen-make.py =================================================================== --- gen-make.py (revision 1515099) +++ gen-make.py (working copy) @@ -278,6 +278,9 @@ if __name__ == '__main__': except getopt.GetoptError, e: _usage_exit(str(e)) + if args and args[0] and os.path.exists(args[0]) != True: + _usage_exit("argument must be a path to build.conf file") + conf = 'build.conf' skip = 0 gentype = 'make'
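Review bot: The added test "os.path.exists(args[0]) != True" in the __main__ block accepts any existing path, including a directory, while the usage message says the argument must be a path to a build.conf file; os.path.isfile(args[0]) would match the message. Comparing against True is also unidiomatic: write "if args and not os.path.isfile(args[0]):" instead. Note that the "args[0]" truthiness guard lets an empty-string argument skip the check without any error. Finally, the check sits above "conf = 'build.conf'", apart from the code that later consumes args[0]; moving it to the place where args[0] is taken as the conf filename would keep validation and use together, which is what the quoted review asked for.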