diff mbox series

[AUH,v2,1/2] git: use temp file for commit message to avoid shell escaping issues

Message ID 20260525111845.1018725-1-daniel.turull@ericsson.com
State New
Headers show
Series [AUH,v2,1/2] git: use temp file for commit message to avoid shell escaping issues | expand

Commit Message

Daniel Turull May 25, 2026, 11:18 a.m. UTC 
From: Daniel Turull <daniel.turull@ericsson.com>

Passing the commit message via -m "..." interpolates it directly into
a shell command, causing a syntax error when the message contains special
characters such as backticks, double quotes, or shell metacharacters.

Use a temporary file with -F instead, which bypasses shell interpretation
entirely.

AI-Generated: kiro with claude-opus-4.6 model
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
---
v2: simplify generation of temporal file
---
 modules/utils/git.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/modules/utils/git.py b/modules/utils/git.py
index b383049..f86c141 100644
--- a/modules/utils/git.py
+++ b/modules/utils/git.py
@@ -24,6 +24,7 @@ 
 #
 
 import os
+import tempfile
 
 from utils.bitbake import bb
 from errors import Error
@@ -54,10 +55,13 @@  class Git(object):
         return self._cmd("add " + src)
 
     def commit(self, commit_message, author=None):
-        if author is None:
-            return self._cmd("commit -a -s -m \"" + commit_message + "\"")
-        else:
-            return self._cmd("commit -a --author=\"" + author + "\" -m \"" + commit_message + "\"")
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.txt') as f:
+            f.write(commit_message)
+            f.flush()
+            if author is None:
+                return self._cmd("commit -a -s -F " + f.name)
+            else:
+                return self._cmd("commit -a --author=\"" + author + "\" -F " + f.name)
 
     def revert(self, commit):
         return self._cmd("revert --no-edit " + commit)