rules_foreign_cc icon indicating copy to clipboard operation
rules_foreign_cc copied to clipboard
verified publisher icon bazelbuild

Calls to `rm -rf` and `mkdir` are improperly quoted

Open gr1mpatr0n opened this issue 10 months ago • 1 comments

Calls to rm -rf and mkdir, such as in rm -rf $BUILD_TMPDIR and mkdir -p $INSTALLDIR are not properly quoted and therefore do not handle paths containing spaces. I would go so far as to consider this a security issue, as the generated script may end up force-deleting any directory on a user's system for which it has permission to do so.

This issue is most apparent on Windows systems, where paths containing spaces are commonplace.

gr1mpatr0n avatar Mar 30 '25 01:03 gr1mpatr0n

Discussion continues in https://github.com/bazel-contrib/rules_foreign_cc/pull/1389.

gr1mpatr0n avatar Apr 05 '25 00:04 gr1mpatr0n