From a536c1dc4f4c28da96a64a6c91e6ed5061e3c077 Mon Sep 17 00:00:00 2001
From: Florent Le Coz <louiz@louiz.org>
Date: Mon, 22 Oct 2012 17:14:21 +0200
Subject: Make the Executor class reliable.

Plugins do not need to escape the command arguments or remove the line
breaks and care about how the will get parsed anymore, they just need to
pass a list of args.

Do not spawn an additional shell, for more clarity, simplicity and possibly
security.
---
 src/daemon.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'src/daemon.py')

diff --git a/src/daemon.py b/src/daemon.py
index 5d8c9fab..08cf480f 100755
--- a/src/daemon.py
+++ b/src/daemon.py
@@ -38,17 +38,34 @@ class Executor(threading.Thread):
     def __init__(self, command):
         threading.Thread.__init__(self)
         self.command = command
+        # check for > or >> special case
+        self.filename = None
+        self.redirection_mode = 'w'
+        if len(command) >= 3:
+            if command[-2] in ('>', '>>'):
+                self.filename = command.pop(-1)
+                if command[-1] == '>>':
+                    self.redirection_mode = 'a'
+                command.pop(-1)
 
     def run(self):
         log.info('executing %s' % (self.command,))
-        subprocess.call(['sh', '-c', self.command])
+        stdout = None
+        if self.filename:
+            try:
+                stdout = open(self.filename, self.redirection_mode)
+            except (OSError, IOError) as e:
+                log.error('Could not open redirection file: %s (%s)' % (self.filename, e,))
+                return
+        subprocess.call(self.command, stdout=stdout)
 
 def main():
     while True:
         line = sys.stdin.readline()
         if line == '':
             break
-        e = Executor(line)
+        command = shlex.split(line)
+        e = Executor(command)
         e.start()
 
 if __name__ == '__main__':
-- 
cgit v1.2.3