Commit Graph

3 Commits

Author SHA1 Message Date
Mai Bui
6f67a3ac6a
[device/quanta] Mitigation for security vulnerability (#11867)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`shell=True` is dangerous because this call will spawn the command using a shell process
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
Use `shell=False` with shell features
- redirection: [https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930](https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930)
- `|` operator: [https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline](https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline)
2022-10-19 10:05:36 -04:00
roberthong-qct
234b4973cd
[Quanta] Update files for Bullseye and kernel 5.10 with enhancements (#11755)
* [Quanta][device][platform] Update files for IX7

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX7_BDE

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8A_BDE

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8C

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX9

Signed-off-by: roberthong-qct <10606901@qcttw.com>

Signed-off-by: roberthong-qct <10606901@qcttw.com>
2022-08-23 10:10:08 -07:00
roberthong-qct
95c67d2d55
[Quanta] Add and update platform and device files (#6971)
Add device and platform code for ix7-bwde, ix8a-bwde.
Support platform API 2.0 for all quanta platforms except for ix1b

Co-authored-by: robert.hong <robert.hong@qct.io>
2021-06-21 09:24:41 -07:00