deb-bandit/examples/skip.py
Tim Kelsey 055598028a Adding a test for partial paths in exec functions
When using functions like subprocess.Popen etc to launch an
external executable, the full path should be given. This prevents
an attacker from manipulating the search path or placing a bogus
executable that will be launched instead of the intended one.

Change-Id: I4a11f988bc3e954331ab0f0902ea849c6ec31888
2015-07-02 19:20:16 +01:00

8 lines
273 B
Python

subprocess.call(["/bin/ls", "-l"])
subprocess.call(["/bin/ls", "-l"]) #noqa
subprocess.call(["/bin/ls", "-l"]) # noqa
subprocess.call(["/bin/ls", "-l"]) # nosec
subprocess.call(["/bin/ls", "-l"])
subprocess.call(["/bin/ls", "-l"]) #nosec
subprocess.call(["/bin/ls", "-l"])
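The check described in the commit message, combined with the per-line suppression this fixture exercises, as an added example that is not part of the repository and is not Bandit's own implementation. The names `EXEC_FUNCS`, `nosec_lines` and `partial_path_calls` and the sample input are hypothetical, and the sketch assumes that only a `nosec` comment suppresses a finding and that paths are POSIX-style.

```python
import ast
import io
import tokenize

# Assumed set of "exec" functions to inspect (illustrative, not Bandit's list).
EXEC_FUNCS = {"subprocess.call", "subprocess.Popen",
              "subprocess.check_call", "subprocess.check_output"}

# Constructed sample input: line 2 is a full path, the rest are partial paths.
SAMPLE = '''\
import subprocess
subprocess.call(["/bin/ls", "-l"])
subprocess.call(["ls", "-l"])
subprocess.call(["ls", "-l"])  # nosec
subprocess.Popen("gcc --version", shell=False)
subprocess.call(["ls", "-l"])  # noqa
'''

def nosec_lines(source):
    """Line numbers carrying a nosec comment (tokenized, so string literals are ignored)."""
    toks = tokenize.generate_tokens(io.StringIO(source).readline)
    return {t.start[0] for t in toks
            if t.type == tokenize.COMMENT and "nosec" in t.string}

def dotted_name(node):
    """Rebuild 'subprocess.call' from an Attribute/Name chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def first_program(arg):
    """Executable named by a literal first argument (list/tuple or command string)."""
    if isinstance(arg, (ast.List, ast.Tuple)) and arg.elts:
        arg = arg.elts[0]
    if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
        words = arg.value.split()
        return words[0] if words else None
    return None  # non-literal argument: cannot be judged statically

def partial_path_calls(source):
    """(line, program) for exec calls whose program is not an absolute POSIX path."""
    skipped = nosec_lines(source)
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and node.args \
                and dotted_name(node.func) in EXEC_FUNCS:
            prog = first_program(node.args[0])
            if prog and not prog.startswith("/") and node.lineno not in skipped:
                findings.append((node.lineno, prog))
    return sorted(findings)
```

Calling `partial_path_calls(SAMPLE)` reports lines 3, 5 and 6: the full-path call on line 2 passes, and line 4 is the only one suppressed.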