THRIFT-3893 Command injection in format_go_output
Client: Go
Patch: Jens Geyer
diff --git a/compiler/cpp/src/generate/t_go_generator.cc b/compiler/cpp/src/generate/t_go_generator.cc
index f4ddfeb..b9429c1 100644
--- a/compiler/cpp/src/generate/t_go_generator.cc
+++ b/compiler/cpp/src/generate/t_go_generator.cc
@@ -3656,6 +3656,14 @@
}
bool format_go_output(const string& file_path) {
+
+ // formatting via gofmt deactivated due to THRIFT-3893
+ // Please look at the ticket and make sure you fully understand all the implications
+ // before submitting a patch that enables this feature again. Thank you.
+ (void) file_path;
+ return false;
+
+ /*
const string command = "gofmt -w " + file_path;
if (system(command.c_str()) == 0) {
@@ -3664,7 +3672,8 @@
fprintf(stderr, "WARNING - Running '%s' failed.\n", command.c_str());
return false;
-}
+ */
+ }
THRIFT_REGISTER_GENERATOR(go, "Go",
" package_prefix= Package prefix for generated files.\n" \