remove os.system due to security vulnerabilities #3720
base: master
Conversation
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
/azpw run Azure.sonic-utilities
Thanks for fixing this vulnerability issue, please follow up on the test failure.
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
acbee44 to b78ad5b
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
All checks passed, including the unit tests.
LGTM
cmd="systemctl restart snmp" | ||
os.system (cmd) | ||
cmd = ["systemctl", "restart", "snmp"] | ||
getstatusoutput_noshell(cmd) |
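Review bot: the status that getstatusoutput_noshell(cmd) returns on the last line is discarded, so a failed `systemctl restart snmp` stays as silent as it was with `os.system (cmd)`; capture it, e.g. `rc, out = getstatusoutput_noshell(cmd)`, and log or raise when `rc` is non-zero. The argv-list form itself is the right fix: with no shell involved, the three tokens are passed to systemctl as separate arguments and nothing in them is parsed as shell syntax.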
You can replace os.system with subprocess.call, as suggested in the Python docs: https://docs.python.org/3/library/subprocess.html#replacing-os-system
What I did
os.system() uses shell invocation to execute commands built from non-static strings, which can lead to command injection.
How I did it
Pass a list of strings to subprocess (shell=False) instead.
How to verify it
Pass UT.
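The "before" and "after" patterns this PR describes, as an added example that is not sonic-utilities code and not part of this PR. It shows concretely what a shell does with a tainted value, what the argv-list form does with the same value, and why the exit status should not be dropped. `TAINTED`, `OK_CMD`, `FAIL_CMD` and the `echo` commands are constructed stand-ins; `subprocess.run(..., shell=True)` stands in for os.system() so the output can be captured.

```python
"""Added example (not sonic-utilities code): why os.system() is injectable and
what the argv-list / shell=False form changes. All sample values are constructed."""
import subprocess
import sys

# Constructed attacker-controlled input, standing in for a value that reaches
# the command string (e.g. a service or interface name taken from the CLI).
TAINTED = "snmp; echo INJECTED"

# Assumed commands, chosen so the example runs offline on any platform.
OK_CMD = [sys.executable, "-c", "pass"]
FAIL_CMD = [sys.executable, "-c", "raise SystemExit(3)"]


def restart_with_shell(service: str) -> str:
    """'Before' pattern: a command string is assembled and handed to /bin/sh.
    shell=True has the same parsing semantics as os.system(); it is used here
    instead of os.system only so that stdout can be captured and inspected."""
    cmd = "echo restarting " + service   # attacker text becomes shell syntax
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def restart_without_shell(service: str) -> str:
    """'After' pattern from the PR: argv list, no shell. The tainted value is
    handed to echo as one argument, so ';' and the second command are plain data."""
    argv = ["echo", "restarting", service]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_with_status(argv: list) -> int:
    """Run argv without a shell and return the exit status instead of dropping it."""
    return subprocess.run(argv, capture_output=True, text=True).returncode


def run_checked(argv: list) -> int:
    """Same, but fail loudly: check=True raises CalledProcessError on a non-zero
    status, so a failed 'systemctl restart' cannot pass silently."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).returncode


if __name__ == "__main__":
    print("shell  :", repr(restart_with_shell(TAINTED)))      # second command ran
    print("argv   :", repr(restart_without_shell(TAINTED)))   # one literal argument
    print("status :", run_with_status(FAIL_CMD))              # 3, not silently lost
    try:
        run_checked(FAIL_CMD)
    except subprocess.CalledProcessError as exc:
        print("checked:", exc)
```

With the shell form the output is two lines (`restarting snmp` and `INJECTED`), because `;` ended the first command and started a second one; with the argv form it is the single line `restarting snmp; echo INJECTED`, the whole tainted value printed back as data. `run_with_status` and `run_checked` are the two ways to stop discarding the status that the PR's `getstatusoutput_noshell(cmd)` call currently drops.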