matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
e89456b3d9
sonic-buildimage/device/mellanox/x86_64-mlnx_msn2700-r0/plugins
History
Mai Bui 648ca075c7
[device/mellanox] Mitigation for security vulnerability (#11877) 
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
`subprocess.Popen()` and `subprocess.check_output()` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
Disable `shell=True`, enable `shell=False`
#### How to verify it
Tested on DUT, compare and verify the output between the original behavior and the new changes' behavior.
[testresults.zip](https://github.com/sonic-net/sonic-buildimage/files/9550867/testresults.zip)
2022-10-06 17:51:31 -04:00
..
eeprom.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
fanutil.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
psuutil.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
sfplpmget.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
sfplpmset.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
sfpreset.py [Mellanox] Add NVIDIA Copyright header to "mellanox" files (#8799) 2021-10-17 19:03:02 +03:00
sfputil.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00
thermalutil.py [device/mellanox] Mitigation for security vulnerability (#11877) 2022-10-06 17:51:31 -04:00