From c36586eccb15c143a0c07854b1c2343a35d5239a Mon Sep 17 00:00:00 2001
From: "mcafee%netscape.com" <mcafee%netscape.com>
Date: Sun, 11 Nov 2001 09:08:56 +0000
Subject: [PATCH] Switching to arg form of system call to avoid security hole
 (76109)

---
 webtools/tinderbox/copylogs        |  2 +-
 webtools/tinderbox/handlemail.pl   |  2 +-
 webtools/tinderbox/processbuild.pl | 14 +++++++-------
 webtools/tinderbox/showbuilds.cgi  |  2 +-
 webtools/tinderbox/tbglobals.pl    |  2 +-
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/webtools/tinderbox/copylogs b/webtools/tinderbox/copylogs
index 589eabb950319..e034cf489c8be 100755
--- a/webtools/tinderbox/copylogs
+++ b/webtools/tinderbox/copylogs
@@ -10,7 +10,7 @@ for $br (last_successful_builds($tree)) {
     print "Log previously copied for $br->{buildname}, $logfile\n";
   } else {
     chdir "$tree";
-    system "wget http://tinderbox.mozilla.org/$logfile";
+    system("wget", "http://tinderbox.mozilla.org/$logfile");
     chdir '..';
     print "Log copied for $br->{buildname}, $logfile\n";
   }
diff --git a/webtools/tinderbox/handlemail.pl b/webtools/tinderbox/handlemail.pl
index f3e1c50d2e4f3..7a684250c264f 100755
--- a/webtools/tinderbox/handlemail.pl
+++ b/webtools/tinderbox/handlemail.pl
@@ -44,7 +44,7 @@ while(<STDIN>){
 }
 close(DF);
 
-$err = system("./processbuild.pl data/tbx.$$");
+$err = system("./processbuild.pl", "data/tbx.$$");
 
 if( $err ) {
     die "processbuild.pl returned an error\n";
diff --git a/webtools/tinderbox/processbuild.pl b/webtools/tinderbox/processbuild.pl
index e87bb8f16b7c5..9c708cd2b57d3 100755
--- a/webtools/tinderbox/processbuild.pl
+++ b/webtools/tinderbox/processbuild.pl
@@ -64,7 +64,7 @@ unlink $mail_file;
 
 # Who data
 #
-system "./buildwho.pl $tinderbox{tree}";
+system("./buildwho.pl", "$tinderbox{tree}");
 
 
 # Warnings
@@ -74,7 +74,7 @@ require "$tinderbox{tree}/treedata.pl" if -r "$tinderbox{tree}/treedata.pl";
 if (defined $warning_buildnames_pat
     and $tinderbox{build} =~ /^$warning_buildnames_pat$/
     and $tinderbox{status} ne 'failed') {
-  system "./warnings.pl $tinderbox{tree}/$tinderbox{logfile}";
+  system("./warnings.pl", "$tinderbox{tree}/$tinderbox{logfile}");
 }
 
 # Bloat data
@@ -83,7 +83,7 @@ if (defined $warning_buildnames_pat
 if (defined $bloat_buildnames_pat
     and $tinderbox{build} =~ /^$bloat_buildnames_pat$/
     and $tinderbox{status} eq 'success') {
-  system "./bloat.pl $tinderbox{tree} $tinderbox{logfile}";
+  system("./bloat.pl",  "$tinderbox{tree}", "$tinderbox{logfile}");
 }
 
 # Pageloader data
@@ -92,7 +92,7 @@ if (defined $bloat_buildnames_pat
 if (defined $pageloader_buildnames_pat
     and $tinderbox{build} =~ /^$pageloader_buildnames_pat$/
     and $tinderbox{status} eq 'success') {
-  system "./pageloader.pl $tinderbox{tree} $tinderbox{logfile}";
+  system("./pageloader.pl", "$tinderbox{tree}", "$tinderbox{logfile}");
 }
 
 # Startup data
@@ -101,7 +101,7 @@ if (defined $pageloader_buildnames_pat
 if (defined $startup_buildnames_pat
     and $tinderbox{build} =~ /^$startup_buildnames_pat$/
     and $tinderbox{status} eq 'success') {
-  system "./startup.pl $tinderbox{tree} $tinderbox{logfile}";
+  system("./startup.pl", "$tinderbox{tree}", "$tinderbox{logfile}");
 }
 
 # Scrape data
@@ -109,13 +109,13 @@ if (defined $startup_buildnames_pat
 require "$tinderbox{tree}/scrapebuilds.pl" if -r "$tinderbox{tree}/scrapebuilds.pl";
 if ($scrape_builds->{$tinderbox{build}}
     and $tinderbox{status} eq 'success') {
-  system "./scrape.pl $tinderbox{tree} $tinderbox{logfile}";
+  system("./scrape.pl", "$tinderbox{tree}", "$tinderbox{logfile}");
 }
 
 # Static pages
 #   For Sidebar flash and tinderbox panels.
 $ENV{QUERY_STRING}="tree=$tinderbox{tree}&static=1";
-system './showbuilds.cgi';
+system("./showbuilds.cgi");
 
 # end of main
 ######################################################################
diff --git a/webtools/tinderbox/showbuilds.cgi b/webtools/tinderbox/showbuilds.cgi
index 962130697acf4..a3e06c8dcf771 100755
--- a/webtools/tinderbox/showbuilds.cgi
+++ b/webtools/tinderbox/showbuilds.cgi
@@ -147,7 +147,7 @@ sub do_static {
     eval "$call";
 
     close(OUT);
-    system "mv $outfile.$$ $outfile";
+    system("mv $outfile.$$ $outfile");
   }
   select $oldfh;
 }
diff --git a/webtools/tinderbox/tbglobals.pl b/webtools/tinderbox/tbglobals.pl
index 5e001af5606f4..71965f96af8d7 100755
--- a/webtools/tinderbox/tbglobals.pl
+++ b/webtools/tinderbox/tbglobals.pl
@@ -302,7 +302,7 @@ sub tb_build_static {
   # Build tinderbox static pages
   $ENV{QUERY_STRING}="tree=$tree&static=1";
   $ENV{REQUEST_METHOD}="GET";
-  system './showbuilds.cgi >/dev/null&';
+  system("./showbuilds.cgi >/dev/null&");
 }
 
 # end of public functions
-- 
GitLab