From d156784fd7557e8f5ce8a6de5cd3a6a38a78e436 Mon Sep 17 00:00:00 2001
From: Zac Medico
Date: Thu, 7 Nov 2019 20:52:42 -0800
Subject: repoman: fix unsafe string interpolation (bug 699508)

Reported-by: Arfrever Frehtes Taifersar Arahesis
Bug: https://bugs.gentoo.org/699508
Signed-off-by: Zac Medico
---
 repoman/lib/repoman/modules/linechecks/controller.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/repoman/lib/repoman/modules/linechecks/controller.py b/repoman/lib/repoman/modules/linechecks/controller.py
index 7082a5d02..b468e348d 100644
--- a/repoman/lib/repoman/modules/linechecks/controller.py
+++ b/repoman/lib/repoman/modules/linechecks/controller.py
@@ -1,4 +1,6 @@
+from __future__ import unicode_literals
+
 import logging
 import operator
 import os
@@ -136,7 +138,8 @@ class LineCheckController(object):
 if not ignore or not ignore.match(line):
 e = lc.check(num, line)
 if e:
- yield lc.repoman_check_name, e % (num + 1)
+ # String interpolation on the variable e is unsafe because it can contain % characters.
+ yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % strnum + 1)
 for lc in checks:
 i = lc.end()
-- cgit v1.2.3-65-gdbad
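Review bot: The added `yield` line in the second hunk cannot evaluate as written, because `%` binds tighter than `+`, so `'on line: %d' % strnum + 1` formats the string first and then adds `1` to it, raising TypeError. `strnum` is also not defined anywhere in the visible hunk (the removed line used `num`), so unless it is bound outside the hunk a NameError comes first. The line should read `yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % (num + 1))`. This branch only runs when a check returns a message, so the failure would appear exactly on the input the check is meant to report; a regression test that feeds a line containing a literal `%` through a failing check would cover both the original bug and this one. The enclosing method starts and ends outside the hunk.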