[PATCH linux-next] kunit: tool: use absolute path for wget

cgel.zte at gmail.com cgel.zte at gmail.com
Thu Sep 22 01:36:11 PDT 2022


From: Xu Panda <xu.panda at zte.com.cn>

Not using absolute path when invoking wget can lead to serious
security issues.

Reported-by: Zeal Robot <zealci at zte.com.cn>
Signed-off-by: Xu Panda <xu.panda at zte.com.cn>
---
 tools/testing/kunit/qemu_configs/riscv.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py
index 6207be146d26..c3dcd654ca15 100644
--- a/tools/testing/kunit/qemu_configs/riscv.py
+++ b/tools/testing/kunit/qemu_configs/riscv.py
@@ -11,7 +11,7 @@ if not os.path.isfile(OPENSBI_FILE):
              'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n')
        response = input('yes/[no]: ')
        if response.strip() == 'yes':
-               os.system('wget ' + GITHUB_OPENSBI_URL)
+               os.system('/usr/bin/wget ' + GITHUB_OPENSBI_URL)
        else:
                sys.exit()

-- 
2.15.2



More information about the linux-riscv mailing list