34144381d0
- Add a new section "shell_injection" to the config file. - Read subprocess functions from config in "injection_shell.py". - Check all process-starting calls in "injection_wildcard.py". - Avoid double-counting of subprocess.Popen(shell=True) and others. - Check for cPickle and marshal. - Don't flag `pickle.dumps`, since `import pickle` triggers a message. - Update a handful of examples and tests. Change-Id: I041c7d8a30658b177e88d1664bb9dcf08367d7f7
import subprocess
from subprocess import Popen as pop
def Popen(*args, **kwargs):
    """Print a greeting; a local function that shares its name with subprocess.Popen.

    No process is started here: ``args`` and ``kwargs`` are accepted and
    ignored. The real ``subprocess.Popen`` is imported in this file under
    the alias ``pop``, so an unqualified ``Popen(...)`` call resolves to
    this function instead.
    """
    # NOTE(review): presumably present so a scanner's name resolution can be
    # checked against the unqualified Popen(...) call below -- confirm
    # against the test suite.
    print('hi')
# Process-starting call patterns: string commands with shell=True next to
# list-argv forms of the same commands.
# NOTE(review): looks like a fixture for a static analyzer's shell-injection
# checks; the exact call shapes are presumably what the tests count, so keep
# them as written -- confirm.
#
# With shell=True the command string is handed to the system shell, which
# interprets metacharacters. Every command here is a constant, so nothing
# untrusted reaches the shell, but the same shape with interpolated input is
# a command-injection sink.

# `pop` is subprocess.Popen under an import alias, so this does spawn a shell.
pop('gcc --version', shell=True)
# `Popen` is the function defined in this file, not subprocess.Popen; this
# call only prints and starts no process.
Popen('gcc --version', shell=True)

subprocess.Popen('gcc --version', shell=True)
# List argv with shell=False (explicit here, the default on the next call) is
# passed to the program without shell parsing. 'gcc' and 'ls' are bare names,
# so the executable is still located through PATH.
subprocess.Popen(['gcc', '--version'], shell=False)
subprocess.Popen(['gcc', '--version'])

# Same list form, with the call spread over several lines.
subprocess.call(["ls",
                 "-l"
                 ])
subprocess.call('ls -l', shell=True)

subprocess.check_call(['ls', '-l'], shell=False)
subprocess.check_call('ls -l', shell=True)

subprocess.check_output(['ls', '-l'])
subprocess.check_output('ls -l', shell=True)