- @checks_calls
- def subprocess_popen_with_shell_equals_true(context):
- if (context.call_function_name_qual == 'subprocess.Popen' or
- context.call_function_name_qual == 'utils.execute' or
- context.call_function_name_qual == 'utils.execute_with_timeout'):
- if context.check_call_arg_value('shell') == 'True':
- return(bandit.ERROR, 'Popen call with shell=True '
- 'identified, security issue. %s' %
- context.call_args_string)
- @checks_calls
- def any_other_function_with_shell_equals_true(context):
- # Alerts on any function call that includes a shell=True parameter
- # (multiple 'helpers' with varying names have been identified across
- # various OpenStack projects).
- if context.call_function_name_qual != 'subprocess.Popen':
- if context.check_call_arg_value('shell') == 'True':
- return(bandit.WARN, 'Function call with shell=True '
- 'parameter identified, possible security issue. %s' %
- context.call_args_string)