[device/centec] Replace os.system and remove subprocess with shell=True (#12024)

Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` are used with `shell=True`, which exposes the code to shell injection.
`os` (`os.system`, `os.popen`) - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Remove unused functions
Mai Bui 2022-10-07 10:48:25 -04:00 committed by GitHub
parent d5a3613ce2
commit 3cd9b2e1b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 52 additions and 72 deletions


@ -1,11 +1,13 @@
#!/usr/bin/python #!/usr/bin/python
import os
def main(): def main():
# reboot the system # reboot the system
os.system('echo 502 > /sys/class/gpio/export') with open('/sys/class/gpio/export', 'w') as file:
os.system('echo out > /sys/class/gpio/gpio502/direction') file.write('502\n')
os.system('echo 1 > /sys/class/gpio/gpio502/value') with open('/sys/class/gpio/gpio502/direction', 'w') as file:
file.write('out\n')
with open('/sys/class/gpio/gpio502/value', 'w') as file:
file.write('1\n')
if __name__ == "__main__": if __name__ == "__main__":
main() main()
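Review bot: The write to `/sys/class/gpio/export` now raises when gpio502 is already exported (the kernel normally rejects it, typically with EBUSY, as the `with` block closes the file), so `main()` aborts before the direction and value writes. The old `os.system` call failed silently and carried on to the reboot. Guard the export, for example keep `import os` and put the first write under `if not os.path.exists('/sys/class/gpio/gpio502'):`. The name `file` also shadows the Python 2 builtin; `f` would do. The two other GPIO reboot scripts changed in this commit carry the same hunk and need the same guard.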


@ -1,11 +1,13 @@
#!/usr/bin/python #!/usr/bin/python
import os
def main(): def main():
# reboot the system # reboot the system
os.system('echo 502 > /sys/class/gpio/export') with open('/sys/class/gpio/export', 'w') as file:
os.system('echo out > /sys/class/gpio/gpio502/direction') file.write('502\n')
os.system('echo 1 > /sys/class/gpio/gpio502/value') with open('/sys/class/gpio/gpio502/direction', 'w') as file:
file.write('out\n')
with open('/sys/class/gpio/gpio502/value', 'w') as file:
file.write('1\n')
if __name__ == "__main__": if __name__ == "__main__":
main() main()


@ -1,12 +1,12 @@
#!/usr/bin/python #!/usr/bin/python
import os import subprocess
def main(): def main():
# reboot the system # reboot the system
os.system('modprobe i2c-dev') subprocess.call(['modprobe', 'i2c-dev'])
os.system('i2cset -y 0 0x36 0x23 0x0') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '0x0'])
os.system('sleep 1') subprocess.call(['sleep', '1'])
os.system('i2cset -y 0 0x36 0x23 0x3') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '0x3'])
if __name__ == "__main__": if __name__ == "__main__":
main() main()
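Review bot: Every `subprocess.call` here discards its exit status, so a failed `modprobe i2c-dev` is still followed by the `i2cset` writes and nothing is logged; check the return value, or use `subprocess.check_call(['modprobe', 'i2c-dev'])` where a failure should stop the sequence. The binaries are still resolved through `PATH`; if this script runs as root, calling them by their full path on the image would pin which executable runs. `subprocess.call(['sleep', '1'])` starts a process only to wait and can be `time.sleep(1)` with `import time`. The unchecked exit status applies equally to the two hwclock/i2cset scripts later in this commit.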


@ -1,11 +1,13 @@
#!/usr/bin/python #!/usr/bin/python
import os
def main(): def main():
# reboot the system # reboot the system
os.system('echo 502 > /sys/class/gpio/export') with open('/sys/class/gpio/export', 'w') as file:
os.system('echo out > /sys/class/gpio/gpio502/direction') file.write('502\n')
os.system('echo 1 > /sys/class/gpio/gpio502/value') with open('/sys/class/gpio/gpio502/direction', 'w') as file:
file.write('out\n')
with open('/sys/class/gpio/gpio502/value', 'w') as file:
file.write('1\n')
if __name__ == "__main__": if __name__ == "__main__":
main() main()


@ -1,15 +1,15 @@
#!/usr/bin/env python #!/usr/bin/env python
import os import subprocess
import time import time
def main(): def main():
os.system('hwclock -w -f /dev/rtc1') subprocess.call(['hwclock', '-w', '-f', '/dev/rtc1'])
time.sleep(1) time.sleep(1)
os.system('i2cset -y 0 0x36 0x23 0') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '0'])
time.sleep(1) time.sleep(1)
os.system('i2cset -y 0 0x36 0x23 1') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '1'])
if __name__ == '__main__': if __name__ == '__main__':
main() main()


@ -166,11 +166,11 @@ class LedControl(LedControlBase):
def _initSystemLed(self): def _initSystemLed(self):
try: try:
cmd = 'i2cset -y 0 0x36 0x2 0x5' cmd = ['i2cset', '-y', '0', '0x36', '0x2', '0x5']
Popen(cmd, shell=True) Popen(cmd)
DBG_PRINT("init system led to normal") DBG_PRINT("init system led to normal")
cmd = 'i2cset -y 0 0x36 0x3 0x1' cmd = ['i2cset', '-y', '0', '0x36', '0x3', '0x1']
Popen(cmd, shell=True) Popen(cmd)
DBG_PRINT("init idn led to off") DBG_PRINT("init idn led to off")
except IOError as e: except IOError as e:
DBG_PRINT(str(e)) DBG_PRINT(str(e))


@ -40,8 +40,8 @@ class PsuUtil(PsuBase):
if index is None: if index is None:
return False return False
cmd = 'i2cget -y 0 0x36 0x1e' cmd = ['i2cget', '-y', '0', '0x36', '0x1e']
status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True).stdout.readline(), 16) status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT).stdout.readline(), 16)
powergood = ((status & (1 << (3 * (index - 1) + 2))) != 0) powergood = ((status & (1 << (3 * (index - 1) + 2))) != 0)
return powergood return powergood
@ -56,7 +56,7 @@ class PsuUtil(PsuBase):
if index is None: if index is None:
return False return False
cmd = 'i2cget -y 0 0x36 0x1e' cmd = ['i2cget', '-y', '0', '0x36', '0x1e']
status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True).stdout.readline(), 16) status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT).stdout.readline(), 16)
presence = ((status & (1 << (3 * (index - 1) + 1))) == 0) presence = ((status & (1 << (3 * (index - 1) + 1))) == 0)
return presence return presence
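Review bot: With `stderr=STDOUT`, any error text `i2cget` prints becomes the line passed to `int(..., 16)`, which raises an uncaught `ValueError` instead of reporting the PSU as not good or absent; an empty read does the same. The `Popen` object is also never waited on and its pipe is never closed. Read the output with `communicate()`, check `returncode`, and only then parse, as sketched below for the first hunk. The second hunk in this section and both hunks of the other `PsuUtil` file with the same `i2cget` call need the same change; both enclosing methods begin outside their hunks.

```python
cmd = ['i2cget', '-y', '0', '0x36', '0x1e']
proc = Popen(cmd, stdout=PIPE, stderr=PIPE)
out, _ = proc.communicate()  # drains both pipes and reaps the child
if proc.returncode != 0:
    return False
try:
    status = int(out, 16)
except ValueError:
    return False
# … unchanged: powergood bit test and return …
```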


@ -1,15 +1,15 @@
#!/usr/bin/env python #!/usr/bin/env python
import os import subprocess
import time import time
def main(): def main():
os.system('hwclock -w -f /dev/rtc1') subprocess.call(['hwclock', '-w', '-f', '/dev/rtc1'])
time.sleep(1) time.sleep(1)
os.system('i2cset -y 0 0x36 0x23 0') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '0'])
time.sleep(1) time.sleep(1)
os.system('i2cset -y 0 0x36 0x23 1') subprocess.call(['i2cset', '-y', '0', '0x36', '0x23', '1'])
if __name__ == '__main__': if __name__ == '__main__':
main() main()


@ -166,11 +166,11 @@ class LedControl(LedControlBase):
def _initSystemLed(self): def _initSystemLed(self):
try: try:
cmd = 'i2cset -y 0 0x36 0x2 0x5' cmd = ['i2cset', '-y', '0', '0x36', '0x2', '0x5']
Popen(cmd, shell=True) Popen(cmd)
DBG_PRINT("init system led to normal") DBG_PRINT("init system led to normal")
cmd = 'i2cset -y 0 0x36 0x3 0x1' cmd = ['i2cset', '-y', '0', '0x36', '0x3', '0x1']
Popen(cmd, shell=True) Popen(cmd)
DBG_PRINT("init idn led to off") DBG_PRINT("init idn led to off")
except IOError as e: except IOError as e:
DBG_PRINT(str(e)) DBG_PRINT(str(e))


@ -40,8 +40,8 @@ class PsuUtil(PsuBase):
if index is None: if index is None:
return False return False
cmd = 'i2cget -y 0 0x36 0x1e' cmd = ['i2cget', '-y', '0', '0x36', '0x1e']
status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True).stdout.readline(), 16) status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT).stdout.readline(), 16)
powergood = ((status & (1 << (3 * (index - 1) + 2))) != 0) powergood = ((status & (1 << (3 * (index - 1) + 2))) != 0)
return powergood return powergood
@ -56,7 +56,7 @@ class PsuUtil(PsuBase):
if index is None: if index is None:
return False return False
cmd = 'i2cget -y 0 0x36 0x1e' cmd = ['i2cget', '-y', '0', '0x36', '0x1e']
status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True).stdout.readline(), 16) status = int(Popen(cmd, stdout=PIPE, stderr=STDOUT).stdout.readline(), 16)
presence = ((status & (1 << (3 * (index - 1) + 1))) == 0) presence = ((status & (1 << (3 * (index - 1) + 1))) == 0)
return presence return presence


@ -1,4 +1,4 @@
import os.path import subprocess
try: try:
from sonic_psu.psu_base import PsuBase from sonic_psu.psu_base import PsuBase
@ -14,7 +14,7 @@ class PsuUtil(PsuBase):
self.psu_path = "/sys/bus/i2c/devices/{}-0058/" self.psu_path = "/sys/bus/i2c/devices/{}-0058/"
self.psu_oper_status = "in1_input" self.psu_oper_status = "in1_input"
self.psu_presence = "i2cget -y {} 0x50 0x00" self.psu_presence = ["i2cget", "-y", "", "0x50", "0x00"]
def get_num_psus(self): def get_num_psus(self):
""" """
@ -46,8 +46,9 @@ class PsuUtil(PsuBase):
Base_bus_number = 39 Base_bus_number = 39
status = 0 status = 0
try: try:
p = os.popen(self.psu_presence.format(index + Base_bus_number) + "> /dev/null 2>&1") self.psu_presence[2] = str(index + Base_bus_number)
if p.readline() != None: p = subprocess.Popen(self.psu_presence)
if p.stdout.readline() is not None:
status = 1 status = 1
p.close() p.close()
except IOError: except IOError:
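Review bot: The new presence check cannot succeed as written: `subprocess.Popen(self.psu_presence)` is created without `stdout=subprocess.PIPE`, so `p.stdout` is `None` and `p.stdout.readline()` raises `AttributeError`, which `except IOError` does not catch, and `Popen` has no `close()` method either. The old command sent its output to `/dev/null`, while the child now inherits the caller's stdout and stderr. `readline()` returns an empty string rather than `None` at end of file, so the condition was always true; if presence is meant to follow whether `i2cget` succeeded, test `returncode` as below. Replacing `import os.path` is only safe if nothing else in the file uses `os`, which the hunks do not show. The method starts above the hunk and the `except` body lies outside it.

```python
# build the argv per call instead of mutating the shared self.psu_presence list
cmd = ["i2cget", "-y", str(index + Base_bus_number), "0x50", "0x00"]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()  # discards the output and reaps the child
if p.returncode == 0:
    status = 1
# … unchanged: except IOError handler …
```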


@ -5,7 +5,6 @@
try: try:
import time import time
import os
from sonic_sfp.sfputilbase import SfpUtilBase from sonic_sfp.sfputilbase import SfpUtilBase
except ImportError as e: except ImportError as e:
raise ImportError("%s - required module not found" % str(e)) raise ImportError("%s - required module not found" % str(e))
@ -47,32 +46,6 @@ class SfpUtil(SfpUtilBase):
SfpUtilBase.__init__(self) SfpUtilBase.__init__(self)
def get_presence(self, port_name):
# modify by zhw to get sfp presence
# Check for invalid port_num
port_num = int(port_name[8:])
if port_num < (self.port_start+1) or port_num > (self.port_end+1):
return False
# cpld info from "CPLD Register for es5800A2.2(V1.1)"
cpld_map = {0: '0x82', 1: '0x83', 2: '0x84',
3: '0x85', 4: '0x86', 5: '0x87', 6: '0x8E'}
cpld_key = (port_num - 1)/8
cpld_mask = (1 << (port_num - 1) % 8)
# use i2cget cmd to get cpld data
output = os.popen('i2cdetect -l | grep CP')
bus_num = output.read()[4]
cmd = "i2cget -y "+bus_num+" 0x5 "+cpld_map[cpld_key]
tmp = os.popen(cmd).read().replace("\n", "")
cpld_value = int(tmp, 16)
if cpld_value & cpld_mask == 0:
return True
else:
return False
def get_low_power_mode(self, port_num): def get_low_power_mode(self, port_num):
''' '''
# Check for invalid port_num # Check for invalid port_num