From 57e333e40a05ad2fddb9a7948906d84a4a44f438 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Fri, 28 Oct 2022 12:37:51 -0700
Subject: [PATCH] [sonic-bgpcfgd] Replace getstatusoutput function (#12535)
Signed-off-by: maipbui
#### Why I did it
`getstatusoutput()` function from `subprocess` module has shell injection issue because it includes `shell=True` in the implementation
#### How I did it
Use `getstatusoutput_noshell()` from sonic_py_common library
#### How to verify it
Tested in DUT
---
 src/sonic-bgpcfgd/bgpmon/bgpmon.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/sonic-bgpcfgd/bgpmon/bgpmon.py b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
index 928f72fc34..b4b97a8d64 100755
--- a/src/sonic-bgpcfgd/bgpmon/bgpmon.py
+++ b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
@@ -23,12 +23,12 @@ Description: bgpmon.py -- populating bgp related information in stateDB.
 is a need to perform update or the peer is stale to be removed from the state DB """
-import subprocess
 import json
 import os
 import syslog
 from swsscommon import swsscommon
 import time
+from sonic_py_common.general import getstatusoutput_noshell
 PIPE_BATCH_MAX_COUNT = 50
@@ -72,8 +72,8 @@ class BgpStateGet:
     # Get a new snapshot of BGP neighbors and store them in the "new" location
     def get_all_neigh_states(self):
-        cmd = "vtysh -c 'show bgp summary json'"
-        rc, output = subprocess.getstatusoutput(cmd)
+        cmd = ["vtysh", "-c", 'show bgp summary json']
+        rc, output = getstatusoutput_noshell(cmd)
         if rc:
             syslog.syslog(syslog.LOG_ERR, "*ERROR* Failed with rc:{} when execute: {}".format(rc, cmd))
             return
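Review bot: The error log on the `syslog.syslog(...)` line in the second hunk now formats `cmd` as a Python list, so the message reads `... when execute: ['vtysh', '-c', 'show bgp summary json']` instead of the command line it showed before; `"*ERROR* Failed with rc:{} when execute: {}".format(rc, " ".join(cmd))` keeps the log line readable for operators searching for the vtysh invocation. The replacement itself is sound: the command is a fixed argv list with no user-controlled element, so the `shell=True` exposure the description cites is removed rather than relocated. Dropping `import subprocess` in the first hunk is safe only if no other call site in this file still uses it; the diffstat (3 deletions, all visible here) suggests this was the sole use, but that is inferred, not shown. `get_all_neigh_states` continues past the end of the hunk, so whether `output` is still consumed the same way after the helper swap (e.g. stderr merged into stdout as `getstatusoutput` did) cannot be confirmed from this view.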