From: Tim Pierce <twp@curoverse.com>
Date: Thu, 3 Apr 2014 18:22:10 +0000 (-0400)
Subject: Use quotemeta to protect shell escapes (refs #2221, #2325)
X-Git-Tag: 1.1.0~2690^2~64^2~3
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/a20025f9ce967ae845e3c675d764d4d1ce4f4f2c

Use quotemeta to protect shell escapes (refs #2221, #2325)
---

diff --git a/sdk/cli/bin/crunch-job b/sdk/cli/bin/crunch-job
index 40b0033757..e81628cc2b 100755
--- a/sdk/cli/bin/crunch-job
+++ b/sdk/cli/bin/crunch-job
@@ -758,7 +758,7 @@ if ($job_has_uuid) {
 if ($Job->{'output'})
 {
   eval {
-    my $manifest_text = `arv keep get $Job->{'output'}`;
+    my $manifest_text = `arv keep get \Q$Job->{'output'}\E`;
     $arv->{'collections'}->{'create'}->execute('collection' => {
       'uuid' => $Job->{'output'},
       'manifest_text' => $manifest_text,
@@ -1223,7 +1223,8 @@ sub save_meta
   return if $justcheckpoint;  # checkpointing is not relevant post-Warehouse.pm
 
   $local_logfile->flush;
-  my $cmd = "arv keep put --filename $keep_logfile ". $local_logfile->filename;
+  my $cmd = "arv keep put --filename \Q$keep_logfile\E "
+      . quotemeta($local_logfile->filename);
   my $loglocator = `$cmd`;
   die "system $cmd failed: $?" if $?;