From dbc95f15b8dad5224cbb6a52df979023db6cba98 Mon Sep 17 00:00:00 2001
From: Anna Gillert
Date: Mon, 11 Apr 2022 19:16:03 +0200
Subject: [PATCH] nixos/test-driver: Avoid shell injection in machine.execute()
---
 nixos/lib/test-driver/test_driver/machine.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/nixos/lib/test-driver/test_driver/machine.py b/nixos/lib/test-driver/test_driver/machine.py
index ed2aceb96581..035e3ffe8973 100644
--- a/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixos/lib/test-driver/test_driver/machine.py
@@ -529,10 +529,13 @@ class Machine:
 # Always run command with shell opts
 command = f"set -euo pipefail; {command}"
+ timeout_str = ""
 if timeout is not None:
- command = f"timeout {timeout} sh -c {shlex.quote(command)}"
+ timeout_str = f"timeout {timeout}"
- out_command = f"({command}) | (base64 --wrap 0; echo)\n"
+ out_command = (
+ f"{timeout_str} sh -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
+ )
 assert self.shell
 self.shell.send(out_command.encode())
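Review bot: `timeout` is still interpolated unquoted into the shell line at `timeout_str = f"timeout {timeout}"`, so the quoting introduced here covers `command` only. The signature of the enclosing method lies outside the hunk, so whether `timeout` is guaranteed to be numeric is not visible; if a caller can pass a string, quote it too with `timeout_str = f"timeout {shlex.quote(str(timeout))}"`, or reject non-numeric values before the line is built. A comment above `out_command` such as `# command is passed to sh -c as one quoted argument so its contents cannot alter the surrounding pipeline` would record why the quoting must not be dropped in a later refactor. When `timeout` is None the line now starts with a stray space, which is harmless but could be avoided by keeping the separator inside `timeout_str`.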