[lintian] 02/02: Prevent a false positive in the possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by detecting XXX-like mktemp(1) templates. (Closes: #601323)

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 02/02: Prevent a false positive in the possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by detecting XXX-like mktemp(1) templates. (Closes: #601323)
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Tue, 26 Dec 2017 14:42:31 +0000
Message-id: <[🔎] E1eTqR5-0007u4-Co@moszumanska.debian.org>
Reply-to: Chris Lamb <lamby@debian.org>
In-reply-to: <[🔎] 20171226144230.30129.6751@moszumanska.debian.org>
References: <[🔎] 20171226144230.30129.6751@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 7bf120e37d420942e1473ac1ef09ea1be7764827
Author: Chris Lamb <lamby@debian.org>
Date:   Tue Dec 26 14:41:25 2017 +0000

    Prevent a false positive in the possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by detecting XXX-like mktemp(1) templates. (Closes: #601323)
---
 checks/scripts.pm                                        | 1 +
 debian/changelog                                         | 3 +++
 t/tests/legacy-maintainer-scripts/debian/debian/postinst | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/checks/scripts.pm b/checks/scripts.pm
index 6615242..57af865 100644
--- a/checks/scripts.pm
+++ b/checks/scripts.pm
@@ -713,6 +713,7 @@ sub run {
                 and not m/\bmks?temp\b/
                 and not m/\btempfile\b/
                 and not m/\bmkdir\b/
+                and not m/\bXXXXXX\b/
                 and not m/\$RANDOM/) {
                 #<<< no perltidy - tag name too long
                 tag 'possibly-insecure-handling-of-tmp-files-in-maintainer-script',
diff --git a/debian/changelog b/debian/changelog
index 7f00572..f398d28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -169,6 +169,9 @@ lintian (2.5.63) unstable; urgency=medium
     + [CL] Prevent a false-positive in missing-dep-for-interpreter by
       matching ABI-versioned virtual packages for Erlang. Thanks to
       Jean Parpaillon for the report.  (Closes: #810204)
+    + [CL] Prevent a false positive in the
+      possibly-insecure-handling-of-tmp-files-in-maintainer-script tag by
+      detecting XXX-like mktemp(1) templates.  (Closes: #601323)
   * checks/source-copyright.desc:
     + [CL] Update description of source-includes-file-in-files-excluded
       to clarify the potential problem and to reference the relevant
diff --git a/t/tests/legacy-maintainer-scripts/debian/debian/postinst b/t/tests/legacy-maintainer-scripts/debian/debian/postinst
index 4e18d68..e56ed3b 100644
--- a/t/tests/legacy-maintainer-scripts/debian/debian/postinst
+++ b/t/tests/legacy-maintainer-scripts/debian/debian/postinst
@@ -46,7 +46,7 @@ FOO=`mktemp /tmp/scripts.XXXXXX`
 rm "$FOO"
 FOO=`tempfile -n/tmp/scripts.tmp`
 mkdir /var/tmp/scripts
-
+FOO="/tmp/false.positive.XXXXXX"
 # invalid
 echo foo >>/tmp/scripts.tmp
 rm /tmp/scripts.tmp

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (dd80809 -> 7bf120e)
  - From: Chris Lamb <chris@chris-lamb.co.uk>

Prev by Date: [lintian] branch master updated (dd80809 -> 7bf120e)
Next by Date: [lintian] 01/02: t/tests/legacy-maintainer-scripts/tags: Move all tests down one line for next commit. (no-op)
Previous by thread: [lintian] branch master updated (dd80809 -> 7bf120e)
Next by thread: [lintian] 01/02: t/tests/legacy-maintainer-scripts/tags: Move all tests down one line for next commit. (no-op)
Index(es):
- Date
- Thread