8f74c51935
This commit removes our logic that checks for special characters in shell injection tests. Really, all we care about is whether format string characters are being used: if so, we're probably taking some kind of user input. If not, it doesn't matter whether we're calling something with special characters.

Change-Id: I7e6a8c45a25608e3a8ab8a7eca8d8f2de5dd9837
Closes-Bug: #1650393
import subprocess
from subprocess import Popen as pop
def Popen(*args, **kwargs):
    # Local function that reuses the name `Popen`. It accepts any arguments,
    # only prints, and never starts a process. Because subprocess.Popen is
    # imported in this file under the alias `pop`, a bare `Popen(...)` call
    # in this module resolves to this function, not to subprocess.Popen.
    # NOTE(review): presumably here so a checker can be exercised on a
    # shell=True keyword passed to a non-subprocess callable -- confirm.
    print('hi')
# NOTE(review): this file reads as a fixture for shell-injection checks rather
# than a program to run. `unknown_function` is not defined in the visible code,
# and each statement below exists to present one particular call shape.

# `pop` is subprocess.Popen under an import alias, so this is a real shell
# invocation; a check that matches only the literal name `subprocess.Popen`
# would miss it.
pop('/bin/gcc --version', shell=True)
# Bare `Popen` is the local function defined in this file, not
# subprocess.Popen: no process is started, but the shell=True keyword is
# still present on the call.
Popen('/bin/gcc --version', shell=True)

# A constant string handed to the shell. No external data reaches the command
# line here, but the whole string is parsed by the shell.
subprocess.Popen('/bin/gcc --version', shell=True)
# Argument list with the shell explicitly disabled: the program is executed
# directly and shell metacharacters in the arguments are not interpreted.
subprocess.Popen(['/bin/gcc', '--version'], shell=False)
# Same as above, relying on the default (shell=False).
subprocess.Popen(['/bin/gcc', '--version'])

# The same list / shell-string pair for subprocess.call.
subprocess.call(["/bin/ls",
                 "-l"
                 ])
subprocess.call('/bin/ls -l', shell=True)

# The same pair for subprocess.check_call.
subprocess.check_call(['/bin/ls', '-l'], shell=False)
subprocess.check_call('/bin/ls -l', shell=True)

# The same pair for subprocess.check_output.
subprocess.check_output(['/bin/ls', '-l'])
subprocess.check_output('/bin/ls -l', shell=True)

# Constant string containing a glob, which the shell expands. Nothing is
# interpolated into the command.
subprocess.Popen('/bin/ls *', shell=True)
# Command line built with %-formatting and with str.format. The interpolated
# value is a literal here, but in this shape any caller-supplied value would
# be parsed by the shell. Where real data is involved, pass an argument list
# without shell=True, or quote each value with shlex.quote if a shell is
# unavoidable.
subprocess.Popen('/bin/ls %s' % ('something',), shell=True)
subprocess.Popen('/bin/ls {}'.format('something'), shell=True)

# Command assembled by concatenation with the result of a call whose value
# cannot be determined from this file; treat it as untrusted.
# NOTE(review): there are no format-string characters on this path -- confirm
# the check rates a non-literal command with shell=True at least as high as
# the formatted strings above.
command = "/bin/ls" + unknown_function()
subprocess.Popen(command, shell=True)

# Constant string containing the shell control operator `&&`, so the shell
# runs two commands. With no interpolated data there is no injection path on
# this line, but it shows what shell parsing permits once a string is passed
# with shell=True.
subprocess.Popen('/bin/ls && cat /etc/passwd', shell=True)