Merge pull request #6461 from risaacson/modules_make_run_command_safer
Modules make run command safer
This commit is contained in:
commit
35b4cf001c
1 changed files with 17 additions and 16 deletions
|
@ -101,6 +101,7 @@ EXAMPLES = '''
|
||||||
|
|
||||||
import ConfigParser
|
import ConfigParser
|
||||||
import os
|
import os
|
||||||
|
import pipes
|
||||||
try:
|
try:
|
||||||
import MySQLdb
|
import MySQLdb
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
@ -123,36 +124,36 @@ def db_delete(cursor, db):
|
||||||
|
|
||||||
def db_dump(module, host, user, password, db_name, target, port, socket=None):
|
def db_dump(module, host, user, password, db_name, target, port, socket=None):
|
||||||
cmd = module.get_bin_path('mysqldump', True)
|
cmd = module.get_bin_path('mysqldump', True)
|
||||||
cmd += " --quick --user=%s --password='%s'" %(user, password)
|
cmd += " --quick --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
|
||||||
if socket is not None:
|
if socket is not None:
|
||||||
cmd += " --socket=%s" % socket
|
cmd += " --socket=%s" % pipes.quote(socket)
|
||||||
else:
|
else:
|
||||||
cmd += " --host=%s --port=%s" % (host, port)
|
cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
|
||||||
cmd += " %s" % db_name
|
cmd += " %s" % pipes.quote(db_name)
|
||||||
if os.path.splitext(target)[-1] == '.gz':
|
if os.path.splitext(target)[-1] == '.gz':
|
||||||
cmd = cmd + ' | gzip > ' + target
|
cmd = cmd + ' | gzip > ' + pipes.quote(target)
|
||||||
elif os.path.splitext(target)[-1] == '.bz2':
|
elif os.path.splitext(target)[-1] == '.bz2':
|
||||||
cmd = cmd + ' | bzip2 > ' + target
|
cmd = cmd + ' | bzip2 > ' + pipes.quote(target)
|
||||||
else:
|
else:
|
||||||
cmd += " > %s" % target
|
cmd += " > %s" % pipes.quote(target)
|
||||||
rc, stdout, stderr = module.run_command(cmd)
|
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
|
||||||
return rc, stdout, stderr
|
return rc, stdout, stderr
|
||||||
|
|
||||||
def db_import(module, host, user, password, db_name, target, port, socket=None):
|
def db_import(module, host, user, password, db_name, target, port, socket=None):
|
||||||
cmd = module.get_bin_path('mysql', True)
|
cmd = module.get_bin_path('mysql', True)
|
||||||
cmd += " --user=%s --password='%s'" %(user, password)
|
cmd += " --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
|
||||||
if socket is not None:
|
if socket is not None:
|
||||||
cmd += " --socket=%s" % socket
|
cmd += " --socket=%s" % pipes.quote(socket)
|
||||||
else:
|
else:
|
||||||
cmd += " --host=%s --port=%s" % (host, port)
|
cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
|
||||||
cmd += " -D %s" % db_name
|
cmd += " -D %s" % pipes.quote(db_name)
|
||||||
if os.path.splitext(target)[-1] == '.gz':
|
if os.path.splitext(target)[-1] == '.gz':
|
||||||
cmd = 'gunzip < ' + target + ' | ' + cmd
|
cmd = 'gunzip < ' + pipes.quote(target) + ' | ' + cmd
|
||||||
elif os.path.splitext(target)[-1] == '.bz2':
|
elif os.path.splitext(target)[-1] == '.bz2':
|
||||||
cmd = 'bunzip2 < ' + target + ' | ' + cmd
|
cmd = 'bunzip2 < ' + pipes.quote(target) + ' | ' + cmd
|
||||||
else:
|
else:
|
||||||
cmd += " < %s" % target
|
cmd += " < %s" % pipes.quote(target)
|
||||||
rc, stdout, stderr = module.run_command(cmd)
|
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
|
||||||
return rc, stdout, stderr
|
return rc, stdout, stderr
|
||||||
|
|
||||||
def db_create(cursor, db, encoding, collation):
|
def db_create(cursor, db, encoding, collation):
|
||||||
|
|
Loading…
Reference in a new issue