matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
master
sonic-buildimage/platform/broadcom/sonic-platform-modules-ruijie
History
Mai Bui 35c4e9912d
[ruijie] Replace os.system and remove subprocess with shell=True (#12107) 
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
1. `getstatusoutput` is used without a static string and it uses `shell=True`
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
1. use `getstatusoutput` without shell=True
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
2022-11-28 12:43:43 -05:00
..
b6510-48vs8cq [ruijie] Replace os.system and remove subprocess with shell=True (#12107) 2022-11-28 12:43:43 -05:00
common [ruijie] Replace os.system and remove subprocess with shell=True (#12107) 2022-11-28 12:43:43 -05:00
debian [Ruijie] Add ruijie platform & device (#4954) 2021-02-24 16:45:27 -08:00
LICENSE [Ruijie] Add ruijie platform & device (#4954) 2021-02-24 16:45:27 -08:00