Merge pull request #6461 from risaacson/modules_make_run_command_safer
Modules make run command safer
This commit is contained in:
commit
e6f6a73328
1 changed files with 17 additions and 16 deletions
|
@ -101,6 +101,7 @@ EXAMPLES = '''
|
|||
|
||||
import ConfigParser
|
||||
import os
|
||||
import pipes
|
||||
try:
|
||||
import MySQLdb
|
||||
except ImportError:
|
||||
|
@ -123,36 +124,36 @@ def db_delete(cursor, db):
|
|||
|
||||
def db_dump(module, host, user, password, db_name, target, port, socket=None):
|
||||
cmd = module.get_bin_path('mysqldump', True)
|
||||
cmd += " --quick --user=%s --password='%s'" %(user, password)
|
||||
cmd += " --quick --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
|
||||
if socket is not None:
|
||||
cmd += " --socket=%s" % socket
|
||||
cmd += " --socket=%s" % pipes.quote(socket)
|
||||
else:
|
||||
cmd += " --host=%s --port=%s" % (host, port)
|
||||
cmd += " %s" % db_name
|
||||
cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
|
||||
cmd += " %s" % pipes.quote(db_name)
|
||||
if os.path.splitext(target)[-1] == '.gz':
|
||||
cmd = cmd + ' | gzip > ' + target
|
||||
cmd = cmd + ' | gzip > ' + pipes.quote(target)
|
||||
elif os.path.splitext(target)[-1] == '.bz2':
|
||||
cmd = cmd + ' | bzip2 > ' + target
|
||||
cmd = cmd + ' | bzip2 > ' + pipes.quote(target)
|
||||
else:
|
||||
cmd += " > %s" % target
|
||||
rc, stdout, stderr = module.run_command(cmd)
|
||||
cmd += " > %s" % pipes.quote(target)
|
||||
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
|
||||
return rc, stdout, stderr
|
||||
|
||||
def db_import(module, host, user, password, db_name, target, port, socket=None):
|
||||
cmd = module.get_bin_path('mysql', True)
|
||||
cmd += " --user=%s --password='%s'" %(user, password)
|
||||
cmd += " --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
|
||||
if socket is not None:
|
||||
cmd += " --socket=%s" % socket
|
||||
cmd += " --socket=%s" % pipes.quote(socket)
|
||||
else:
|
||||
cmd += " --host=%s --port=%s" % (host, port)
|
||||
cmd += " -D %s" % db_name
|
||||
cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
|
||||
cmd += " -D %s" % pipes.quote(db_name)
|
||||
if os.path.splitext(target)[-1] == '.gz':
|
||||
cmd = 'gunzip < ' + target + ' | ' + cmd
|
||||
cmd = 'gunzip < ' + pipes.quote(target) + ' | ' + cmd
|
||||
elif os.path.splitext(target)[-1] == '.bz2':
|
||||
cmd = 'bunzip2 < ' + target + ' | ' + cmd
|
||||
cmd = 'bunzip2 < ' + pipes.quote(target) + ' | ' + cmd
|
||||
else:
|
||||
cmd += " < %s" % target
|
||||
rc, stdout, stderr = module.run_command(cmd)
|
||||
cmd += " < %s" % pipes.quote(target)
|
||||
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
|
||||
return rc, stdout, stderr
|
||||
|
||||
def db_create(cursor, db, encoding, collation):
|
||||
|
|
Loading…
Reference in a new issue