File 0001-Fix-history-use-utils.mkdirp-instead-of-system-mkdir.patch of Package crmsh.19521

From f7b8effab9e8bb79382e49718518ae8cb6e035c7 Mon Sep 17 00:00:00 2001
From: liangxin1300 <XLiang@suse.com>
Date: Fri, 18 Dec 2020 13:16:14 +0800
Subject: [PATCH] Fix: history: use utils.mkdirp instead of system mkdir
 command(bsc#1179999)

And check if the directory name was sane
---
 crmsh/history.py | 10 ++++++----
 crmsh/utils.py   |  4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/crmsh/history.py b/crmsh/history.py
index 811bcac5..892105c0 100644
--- a/crmsh/history.py
+++ b/crmsh/history.py
@@ -465,6 +465,8 @@ class Report(object):
             return None
 
         d = self._live_loc()
+        if not utils.is_path_sane(d):
+            return None
         utils.rmdir_r(d)
         tarball = "%s.tar.bz2" % d
         to_option = ""
@@ -473,8 +475,7 @@ class Report(object):
         nodes_option = ""
         if self.setnodes:
             nodes_option = "'-n %s'" % ' '.join(self.setnodes)
-        if utils.pipe_cmd_nosudo("mkdir -p %s" % os.path.dirname(d)) != 0:
-            return None
+        utils.mkdirp(os.path.dirname(d))
         common_info("Retrieving information from cluster nodes, please wait...")
         rc = utils.pipe_cmd_nosudo("%s -Z -Q -f '%s' %s %s %s %s" %
                                    (extcmd,
@@ -981,6 +982,8 @@ class Report(object):
 
     def manage_session(self, subcmd, name):
         session_dir = self.get_session_dir(name)
+        if not utils.is_path_sane(session_dir):
+            return False
         if subcmd == "save" and os.path.exists(session_dir):
             common_err("history session %s exists" % name)
             return False
@@ -988,8 +991,7 @@ class Report(object):
             common_err("history session %s does not exist" % name)
             return False
         if subcmd == "save":
-            if utils.pipe_cmd_nosudo("mkdir -p %s" % session_dir) != 0:
-                return False
+            utils.mkdirp(session_dir)
             if self.source == "live":
                 rc = utils.pipe_cmd_nosudo("tar -C '%s' -c . | tar -C '%s' -x" %
                                            (self._live_loc(), session_dir))
diff --git a/crmsh/utils.py b/crmsh/utils.py
index b0970a8b..7448ba60 100644
--- a/crmsh/utils.py
+++ b/crmsh/utils.py
@@ -591,14 +591,14 @@ def safe_close_w(f):
 
 
 def is_path_sane(name):
-    if re.search(r"['`#*?$\[\]]", name):
+    if re.search(r"['`#*?$\[\];]", name):
         common_err("%s: bad path" % name)
         return False
     return True
 
 
 def is_filename_sane(name):
-    if re.search(r"['`/#*?$\[\]]", name):
+    if re.search(r"['`/#*?$\[\];]", name):
         common_err("%s: bad filename" % name)
         return False
     return True
-- 
2.21.1