File fix_codecov_not_sanitizing_arguments.patch of Package python-codecov
diff -Nru codecov-2.0.15.orig/codecov/__init__.py codecov-2.0.15/codecov/__init__.py
--- codecov-2.0.15.orig/codecov/__init__.py 2018-01-29 16:52:04.000000000 +0100
+++ codecov-2.0.15/codecov/__init__.py 2022-07-14 09:40:32.295051740 +0200
@@ -38,6 +38,10 @@
remove_token = re.compile(r'token=[^\&]+').sub
+def sanitize_arg(replacement, arg):
+ return re.sub(r'[\&]+', replacement, arg, 0, re.MULTILINE)
+
+
ignored_path = re.compile(r'(/vendor)|'
r'(/js/generated/coverage)|'
r'(/__pycache__)|'
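Review bot: The character class in `sanitize_arg` matches only `&`, so every other shell-significant character (`;`, `|`, backticks, `$(`, quotes, newlines) passes through unchanged. The helper's name promises more than it delivers. If the narrow scope is intentional, say so in a docstring such as `"""Strip '&' from arg; does NOT make arg safe for shell interpolation."""` so later callers do not treat it as a general escaper. Separately, `0, re.MULTILINE` has no effect because the pattern has no `^`/`$` anchors and 0 is the default count, so the body can be `return re.sub(r'&+', replacement, arg)`.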
@@ -614,11 +618,11 @@
)
write('==> Processing gcov (disable by -X gcov)')
cmd = "find %s %s -type f -name '*.gcno' %s -exec %s -pb %s {} +" % (
- (codecov.gcov_root or root),
+ (sanitize_arg('', codecov.gcov_root or root)),
dont_search_here,
" ".join(map(lambda a: "-not -path '%s'" % a, codecov.gcov_glob)),
- (codecov.gcov_exec or ''),
- (codecov.gcov_args or ''))
+ (sanitize_arg('', codecov.gcov_exec or '')),
+ (sanitize_arg('', codecov.gcov_args or '')))
write(' Executing gcov (%s)' % cmd)
try_to_run(cmd)
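Review bot: `codecov.gcov_glob` on the `" ".join(map(...))` line is still interpolated into `cmd` untouched. A value containing a single quote closes the `'%s'` quoting, which leaves this argument with less protection than the three now wrapped in `sanitize_arg`. Assuming `try_to_run` hands `cmd` to a shell (its body is outside this hunk, as are the start and end of the enclosing function), removing `&` from `gcov_root`, `gcov_exec` and `gcov_args` narrows the problem but does not close it. Quoting each interpolated value is the sturdier fix, e.g. `"-not -path %s" % shlex.quote(a)` (`pipes.quote` on Python 2; either needs an import). `gcov_args` would need to be split with `shlex.split` and quoted per element, since it is meant to carry several arguments. Better still would be building an argv list and running it without a shell, if `try_to_run` can accept one.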