@@ -48,6 +48,7 @@ SRC_URI = "sftp://user@host.example.com/dir/path.file.txt"
import os
import bb
+import shlex
import urllib.request, urllib.parse, urllib.error
from bb.fetch2 import URI
from bb.fetch2 import FetchMethod
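Review bot: The added `import shlex` is not used by any of the added lines shown for sftp.py, so as far as this patch shows it is an unused import. Either drop it, or use it at the place it was meant for. If quoting was intended for `remote` or `lpath`, note that list-form arguments need no shell quoting at all.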
@@ -83,10 +84,9 @@ class SFTP(FetchMethod):
"""Fetch urls"""
urlo = URI(ud.url)
- basecmd = 'sftp -oBatchMode=yes'
- port = ''
+ basecmd = ['sftp', '-oBatchMode=yes']
if urlo.port:
- port = '-P %d' % urlo.port
+ basecmd += ['-P', urlo.port]
urlo.port = None
dldir = d.getVar('DL_DIR')
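Review bot: `basecmd += ['-P', urlo.port]` puts the port into the argument list unconverted, and the removed line formatted it with `%d`, which suggests `urlo.port` is an integer. subprocess rejects non-string argv elements with a TypeError, so this should be `basecmd += ['-P', str(urlo.port)]`. The enclosing method starts and ends outside the hunk.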
@@ -105,7 +105,7 @@ class SFTP(FetchMethod):
remote = '"%s%s:%s"' % (user, urlo.hostname, path)
- cmd = '%s %s %s %s' % (basecmd, port, remote, lpath)
+ cmd = basecmd + [remote, lpath]
bb.fetch2.check_network_access(d, cmd, ud.url)
runfetchcmd(cmd, d)
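Review bot: `remote` on the context line is still built as `'"%s%s:%s"'`, with literal double quotes that only made sense when a shell stripped them; as a list element the quotes reach sftp as part of the host and path. Build it unquoted, `remote = '%s%s:%s' % (user, urlo.hostname, path)`. `lpath` is defined outside the hunk and should be checked for the same kind of shell-oriented quoting. Whether `runfetchcmd` and `check_network_access` accept a list rather than a string cannot be seen here and needs confirming, since neither is changed in this patch.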
@@ -85,18 +85,16 @@ class SSH(FetchMethod):
user = m.group('user')
password = m.group('pass')
+ portarg = []
if port:
- portarg = '-P %s' % port
- else:
- portarg = ''
+ portarg = ['-P', port]
+ fr = host
if user:
fr = user
if password:
fr += ':%s' % password
fr += '@%s' % host
- else:
- fr = host
if path[0] != '~':
path = '/%s' % path
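Review bot: `fr` still embeds the URL password (`fr += ':%s' % password`), and with this change that string becomes an argv element handed to `check_network_access` and then to scp. Anything on the command line is readable by other local users through the process list and may end up in fetch logs. The password should be left out of the command, with authentication left to keys or an agent, which is what batch mode (`-B`) implies anyway. The same construction is repeated in the last SSH hunk, and the enclosing method starts outside this one.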
@@ -104,11 +102,7 @@ class SSH(FetchMethod):
fr += ':%s' % path
- cmd = 'scp -B -r %s %s %s/' % (
- portarg,
- fr,
- dldir
- )
+ cmd = ['scp', '-B', '-r'] + portarg + [fr, dldir + "/"]
check_network_access(d, cmd, urldata.url)
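Review bot: Passing a list removes local shell interpretation, but `fr` is still placed where scp parses options, so a URL whose user or host begins with `-` would be read as an scp option rather than a source. Reject such values before building the command, or end option parsing explicitly: `cmd = ['scp', '-B', '-r'] + portarg + ['--', fr, dldir + "/"]`. The `ssh` command in the last hunk takes `fr` the same way and needs the same check.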
@@ -125,28 +119,22 @@ class SSH(FetchMethod):
user = m.group('user')
password = m.group('pass')
+ portarg = []
if port:
- portarg = '-P %s' % port
- else:
- portarg = ''
+ portarg = ['-P', port]
+ fr = host
if user:
fr = user
if password:
fr += ':%s' % password
fr += '@%s' % host
- else:
- fr = host
if path[0] != '~':
path = '/%s' % path
path = urllib.parse.unquote(path)
- cmd = 'ssh -o BatchMode=true %s %s [ -f %s ]' % (
- portarg,
- fr,
- path
- )
+ cmd = ['ssh', '-o', 'BatchMode=true'] + portarg + [fr, '[', '-f', path, ']']
check_network_access(d, cmd, urldata.url)
runfetchcmd(cmd, d)
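Review bot: ssh joins the arguments after the host with spaces and hands the result to the remote shell, so `path` in `[fr, '[', '-f', path, ']']` is still parsed by a shell on the remote side, and it has just been URL-unquoted. A path containing spaces or shell metacharacters would be split or interpreted there. Quote it for the remote shell, e.g. `shlex.quote(path)`, which needs `import shlex` in ssh.py, and handle paths that start with `~` separately so tilde expansion still works. The list form protects only the local invocation, which deserves a short comment next to the command.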
To follow best practices and avoid shell=True subprocess usage, convert the fetcher commands to use lists instead of strings. This improves variable quoting and models modern coding standards. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- lib/bb/fetch2/sftp.py | 8 ++++---- lib/bb/fetch2/ssh.py | 28 ++++++++-------------------- 2 files changed, 12 insertions(+), 24 deletions(-)