>From 1a4ed641835c6b6d45b2480c7ff2227e0611fe9d Mon Sep 17 00:00:00 2001
From: liangxin1300 <XLiang@suse.com>
Date: Fri, 18 Dec 2020 13:16:14 +0800
Subject: [PATCH] Fix: history: use Path.mkdir instead of mkdir
 command(bsc#1179999)

And check if the directory name was sane
---
 crmsh/history.py | 10 ++++++----
 crmsh/utils.py   | 14 ++++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/crmsh/history.py b/crmsh/history.py
index 811bcac5..892105c0 100644
--- a/crmsh/history.py
+++ b/crmsh/history.py
@@ -465,6 +465,8 @@ class Report(object):
             return None
 
         d = self._live_loc()
+        if not utils.is_path_sane(d):
+            return None
         utils.rmdir_r(d)
         tarball = "%s.tar.bz2" % d
         to_option = ""
@@ -473,8 +475,7 @@ class Report(object):
         nodes_option = ""
         if self.setnodes:
             nodes_option = "'-n %s'" % ' '.join(self.setnodes)
-        if utils.pipe_cmd_nosudo("mkdir -p %s" % os.path.dirname(d)) != 0:
-            return None
+        utils.mkdirp(os.path.dirname(d))
         common_info("Retrieving information from cluster nodes, please wait...")
         rc = utils.pipe_cmd_nosudo("%s -Z -Q -f '%s' %s %s %s %s" %
                                    (extcmd,
@@ -981,6 +982,8 @@ class Report(object):
 
     def manage_session(self, subcmd, name):
         session_dir = self.get_session_dir(name)
+        if not utils.is_path_sane(session_dir):
+            return False
         if subcmd == "save" and os.path.exists(session_dir):
             common_err("history session %s exists" % name)
             return False
@@ -988,8 +991,7 @@ class Report(object):
             common_err("history session %s does not exist" % name)
             return False
         if subcmd == "save":
-            if utils.pipe_cmd_nosudo("mkdir -p %s" % session_dir) != 0:
-                return False
+            utils.mkdirp(session_dir)
             if self.source == "live":
                 rc = utils.pipe_cmd_nosudo("tar -C '%s' -c . | tar -C '%s' -x" %
                                            (self._live_loc(), session_dir))
diff --git a/crmsh/utils.py b/crmsh/utils.py
index fbf89151..d5d2154d 100644
--- a/crmsh/utils.py
+++ b/crmsh/utils.py
@@ -16,6 +16,7 @@ import fnmatch
 import gc
 import ipaddress
 import argparse
+from pathlib import Path
 from contextlib import contextmanager, closing
 from . import config
 from . import userdir
@@ -568,14 +569,14 @@ def safe_close_w(f):
 
 
 def is_path_sane(name):
-    if re.search(r"['`#*?$\[\]]", name):
+    if re.search(r"['`#*?$\[\];]", name):
         common_err("%s: bad path" % name)
         return False
     return True
 
 
 def is_filename_sane(name):
-    if re.search(r"['`/#*?$\[\]]", name):
+    if re.search(r"['`/#*?$\[\];]", name):
         common_err("%s: bad filename" % name)
         return False
     return True
@@ -704,10 +705,11 @@ def lock(lockdir):
             rmdir_r(os.path.join(lockdir, _LOCKDIR))
 
 
-def mkdirp(d, mode=0o777):
-    if os.path.isdir(d):
-        return True
-    os.makedirs(d, mode=mode)
+def mkdirp(directory, mode=0o777, parents=True, exist_ok=True):
+    """
+    Same behavior as the POSIX mkdir -p command
+    """
+    Path(directory).mkdir(mode, parents, exist_ok)
 
 
 def pipe_cmd_nosudo(cmd):
-- 
2.21.1