Merge "Enable subprocess_without_shell_equals_true Bandit test"

bandit.yaml

@@ -74,10 +74,7 @@ profiles:
             - request_with_no_cert_validation
             - set_bad_file_permissions
             - subprocess_popen_with_shell_equals_true
-
-            # TODO:
-            # - subprocess_without_shell_equals_true
-
+            - subprocess_without_shell_equals_true
             - start_process_with_a_shell
             - start_process_with_no_shell
             - start_process_with_partial_path

keystone/contrib/federation/idp.py

@@ -425,7 +425,18 @@ def _sign_assertion(assertion):
             nspair={'saml': saml2.NAMESPACE,
                     'xmldsig': xmldsig.NAMESPACE}))
         command_list.append(file_path)
-        stdout = subprocess.check_output(command_list,
+        stdout = subprocess.check_output(command_list,  # nosec : The contents
+                                         # of the command list are coming from
+                                         # a trusted source because the
+                                         # executable and arguments all either
+                                         # come from the config file or are
+                                         # hardcoded. The command list is
+                                         # initialized earlier in this function
+                                         # to a list and it's still a list at
+                                         # this point in the function. There is
+                                         # no opportunity for an attacker to
+                                         # attempt command injection via string
+                                         # parsing.
                                          stderr=subprocess.STDOUT)
     except Exception as e:
         msg = _LE('Error when signing assertion, reason: %(reason)s%(output)s')