From: Xu Panda xu.panda@zte.com.cn
Not using absolute path when invoking wget can lead to serious security issues.
Reported-by: Zeal Robot zealci@zte.com.cn Signed-off-by: Xu Panda xu.panda@zte.com.cn --- tools/testing/kunit/qemu_configs/riscv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py index 6207be146d26..c3dcd654ca15 100644 --- a/tools/testing/kunit/qemu_configs/riscv.py +++ b/tools/testing/kunit/qemu_configs/riscv.py @@ -11,7 +11,7 @@ if not os.path.isfile(OPENSBI_FILE): 'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n') response = input('yes/[no]: ') if response.strip() == 'yes': - os.system('wget ' + GITHUB_OPENSBI_URL) + os.system('/usr/bin/wget ' + GITHUB_OPENSBI_URL) else: sys.exit()