Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(cherry-pick) Fix: address issues pointed out by Python scanners (#3036) #3045

Merged
merged 1 commit into from
Nov 17, 2023
Merged

(cherry-pick) Fix: address issues pointed out by Python scanners (#3036) #3045

merged 1 commit into from
Nov 17, 2023

Conversation

tswhison
Copy link
Contributor

Description

Our Python scanners point out issues regarding the use of the subprocess module. The issues tend to be in 2 main categories:

  1. The use of subprocess.Popen() directly is discouraged. Instead, the scanners recommend using run, call, or checked_call.

  2. The use of any of the subprocess calls with shell=True is forbidden, because it is prone to code injection attacks. Instead, the scanners require shell=False or omitting shell altogether.

Collateral (docs, reports, design examples, case IDs): Python scans when preparing the release.

  • Document Update Required? (Specify FIM/AFU/Scripts)

Tests added:

Tests run:

CI and manual testing of rtl_src_config.

Fix: address issues pointed out by Python scanners (#3036)
6caeb00 
### Description
Our Python scanners point out issues regarding the use of
the subprocess module. The issues tend to be in 2 main
categories:
1) The use of subprocess.Popen() directly is discouraged.
Instead, the scanners recommend using run, call, or checked_call.

2) The use of any of the subprocess calls with shell=True 
is forbidden, because it is prone to code injection attacks.
Instead, the scanners require shell=False or omitting shell
altogether.

### Collateral (docs, reports, design examples, case IDs):
Python scans when preparing the release.


- [ ] Document Update Required? (Specify FIM/AFU/Scripts)

### Tests added:


### Tests run:
CI and manual testing of rtl_src_config.

Signed-off-by: Tim Whisonant <tim.whisonant@intel.com>
@tswhison tswhison self-assigned this Nov 17, 2023
@tswhison tswhison requested review from a team as code owners November 17, 2023 22:03
@coveralls
Copy link

Pull Request Test Coverage Report for Build 6909513155

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 67.675%
Totals Coverage Status
Change from base Build 6894671306: 0.0%
Covered Lines: 15754
Relevant Lines: 23279
💛 - Coveralls

@tswhison tswhison merged commit 7458404 into master Nov 17, 2023
@tswhison tswhison deleted the tswhison/cp_be8ff84 branch November 17, 2023 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anandaravuri anandaravuri anandaravuri approved these changes

Assignees

@tswhison tswhison

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tswhison @coveralls @anandaravuri