matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
df93a1be54
sonic-buildimage/platform/mellanox/mlnx-platform-api/sonic_platform
History
Mai Bui 648ca075c7
[device/mellanox] Mitigation for security vulnerability (#11877) 
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
`subprocess.Popen()` and `subprocess.check_output()` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
Disable `shell=True`, enable `shell=False`
#### How to verify it
Tested on DUT, compare and verify the output between the original behavior and the new changes' behavior.
[testresults.zip](https://github.com/sonic-net/sonic-buildimage/files/9550867/testresults.zip)
2022-10-06 17:51:31 -04:00
..
__init__.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
chassis.py [Mellanox] Fix typo in platform API (#12136) 2022-09-28 11:09:18 +03:00
component.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
cpu_thermal_control.py [Mellanox] Add CPU thermal control for Nvidia platforms (#10202) 2022-03-21 09:54:52 -07:00
device_data.py [Mellanox] Enhance Platform API to support SN2201 - RJ45 ports and new components mgmt. (#10377) 2022-06-20 19:12:20 -07:00
eeprom.py [Mellanox] Refactor Mellanox platform API to support dynamic port configuration (#8422) 2021-10-25 07:59:06 +03:00
fan_drawer.py [Mellanox] Refactor Mellanox platform API to support dynamic port configuration (#8422) 2021-10-25 07:59:06 +03:00
fan.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
led.py [Mellanox] Allow user to set LED to orange (#9259) 2021-12-08 13:05:10 -08:00
module.py [Mellanox] Refactor Mellanox platform API to support dynamic port configuration (#8422) 2021-10-25 07:59:06 +03:00
pcie.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
platform.py [Mellanox] Refactor Mellanox platform API to support dynamic port configuration (#8422) 2021-10-25 07:59:06 +03:00
psu.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
sfp_event.py [Mellanox] Enhance Platform API to support SN2201 - RJ45 ports and new components mgmt. (#10377) 2022-06-20 19:12:20 -07:00
sfp.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
thermal_actions.py [Mellanox] Update NVIDIA License header for files changed since 1.1.2022 (#10289) 2022-03-23 13:19:25 +02:00
thermal_conditions.py [Mellanox] Update NVIDIA License header for files changed since 1.1.2022 (#10289) 2022-03-23 13:19:25 +02:00
thermal_infos.py [Mellanox] Fan speed should not be 100% when PSU is powered off (#9258) 2021-11-24 14:56:00 +02:00
thermal_manager.py [Mellanox] Add CPU thermal control for Nvidia platforms (#10202) 2022-03-21 09:54:52 -07:00
thermal.py [Mellanox] Add CPU thermal control for Nvidia platforms (#10202) 2022-03-21 09:54:52 -07:00
utils.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
vpd_parser.py [Mellanox] Auto correct PSU voltage threshold (WA) (#10394) 2022-04-14 08:14:40 +03:00
watchdog.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00