Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Subprocess instead of os #1740

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Use Subprocess instead of os #1740

wants to merge 1 commit into from

Conversation

bosd
Copy link
Contributor

@bosd bosd commented Sep 1, 2022

An quick attempt to silence B605: start_process_with_a_shell.

This rule looks for the spawning of a subprocess using a command shell. This type of subprocess invocation is dangerous as it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by the use of certain commands which are known to use shells.

@bosd
Use Subprocess instead of os
4a5673a 
An quick attempt to silence B605: start_process_with_a_shell
@bosd
Copy link
Contributor Author

bosd commented Sep 2, 2022

Just tested this one on python3.10 on windows 10.
Working ok.

@bosd bosd marked this pull request as ready for review September 2, 2022 14:37
rschell
rschell approved these changes Sep 11, 2022
View reviewed changes
Copy link
Contributor

@rschell rschell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on 3.11 on linux (rapsberry pi 4 with linux 5.15.65 64-bit)

@Harvie
Copy link
Collaborator

Harvie commented Sep 17, 2022

Can you please explain how is this "safer" ?

@bosd
Copy link
Contributor Author

bosd commented Sep 17, 2022

Sorry, I cannot.
I'm not very knowledgable on the subject.
Basically this pr is to silence a "critical" codefactor.io complaint.
I'm utiliting the suggested fix from codefactor.io.

I'll paste here the complaint and explanation.

This rule looks for the spawning of a subprocess using a command shell. This type of subprocess invocation is dangerous as it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by the use of certain commands which are known to use shells.

Example of insecure code:

import os

os.system('/bin/echo suspicious code')

The subprocess module provides more powerful facilities for spawning new processes and retrieving their results; using that module is preferable to using this function.

Example of secure code:

import subprocess

subprocess.call('/bin/echo suspicious code', shell=False)

Further Reading

The Python Standard Library - subprocess - Frequently Used Arguments

Bandit - B605: start_process_with_a_shell

@bosd
Copy link
Contributor Author

bosd commented Nov 3, 2022

@Harvie Can you merge this?

@bosd
Copy link
Contributor Author

bosd commented Feb 6, 2023

Ping @Harvie

1 similar comment
@bosd
Copy link
Contributor Author

bosd commented Feb 6, 2023

Ping @Harvie

@Harvie
Copy link
Collaborator

Harvie commented Apr 10, 2023

Yeah, i am still not sure whether this is actualy making something safer or just removing actual useful feature, because some automated tool thinks it might be unsafe without understanding context...

@bosd
Copy link
Contributor Author

bosd commented Apr 12, 2023

Did'nt notice any feature removal.. if so, we an always revert.

rschell
rschell suggested changes Apr 12, 2023
View reviewed changes
Copy link
Contributor

@rschell rschell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to include the self._onStop call made in sender.py, as well, if incorporated.

@Harvie
Copy link
Collaborator

Harvie commented Sep 24, 2024

i think this will break functionality unless shell=true is provided. When shell=false is provided, it expects array of arguments rather than string.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rschell rschell rschell requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bosd @Harvie @rschell