matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
6,933 Commits 33 Branches 17 Tags 294 MiB
1f9ff1ca3d
Commit Graph

4 Commits

Author SHA1 Message Date
Mai Bui
5238bd78af [ruijie] Replace os.system and remove subprocess with shell=True (#12107) 
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
1. `getstatusoutput` is used without a static string and it uses `shell=True`
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
1. use `getstatusoutput` without shell=True
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
 2022-12-10 10:33:21 +08:00
Aravind Mani
ac2885a988
[SFP-Refactor] Modify transceiver key name (#9447) 
* Modify transceiever key name

* fix alignment
 2021-12-09 12:38:45 +05:30
pettershao-ragilenetworks
8ceec5c843
[ruijie] Fix show version error info (#7541) 
Fix following crash in `show version`:

```
Traceback (most recent call last):
  File "/usr/local/bin/decode-syseeprom", line 32, in instantiate_eeprom_object
    eeprom = sonic_platform.platform.Platform().get_chassis().get_eeprom()
AttributeError: module 'sonic_platform' has no attribute 'platform'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/decode-syseeprom", line 262, in <module>
    sys.exit(main())
  File "/usr/local/bin/decode-syseeprom", line 244, in main
    print_serial(use_db)
  File "/usr/local/bin/decode-syseeprom", line 169, in print_serial
    eeprom = instantiate_eeprom_object()
  File "/usr/local/bin/decode-syseeprom", line 34, in instantiate_eeprom_object
    log.log_error('Failed to obtain EEPROM object due to {}'.format(repr(e)))
NameError: name 'log' is not defined
```

Signed-off-by: pettershao-ragilenetworks <pettershao@ragilenetworks.com>
 2021-05-06 14:53:20 -07:00
ruijie.com.cn
a582c13e98
[Ruijie] Add ruijie platform & device (#4954) 
Add new platform x86_64-ruijie_b6510-48vs8cq-r0 (Trident 3)
    ASIC Vendor: Broadcom
    Switch ASIC: Trident 3
    Port Config: 48x25G+8x100G

Signed-off-by: tim-rj <sonic_rd@ruijie.com.cn>
 2021-02-24 16:45:27 -08:00