From: Xu Panda <xu.panda@xxxxxxxxxx>
Not using absolute path when invoking wget can lead to serious
security issues.
Reported-by: Zeal Robot <zealci@xxxxxxxxxx>
Signed-off-by: Xu Panda <xu.panda@xxxxxxxxxx>
---
tools/testing/kunit/qemu_configs/riscv.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py
index 6207be146d26..c3dcd654ca15 100644
--- a/tools/testing/kunit/qemu_configs/riscv.py
+++ b/tools/testing/kunit/qemu_configs/riscv.py
@@ -11,7 +11,7 @@ if not os.path.isfile(OPENSBI_FILE):
'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n')
response = input('yes/[no]: ')
if response.strip() == 'yes':
- os.system('wget ' + GITHUB_OPENSBI_URL)
+ os.system('/usr/bin/wget ' + GITHUB_OPENSBI_URL)
else:
sys.exit()
--
2.15.2
