Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-25942

[Security Risk] Avoid using shell=true usage wherever subprocess module is used

    XMLWordPrintableJSON

Details

    • Important

    Description

      Subprocess module allows us to execute command on the shell but usage of shell=true poses a security risk where user inputs with "rm -rf" can cause terrible things.

      To avoid shell-injection vulnerabilities, subprocess can be used without shell=true, by modifying the way input is passed.

      Some of the examples can be found like - https://security.openstack.org/guidelines/dg_avoid-shell-true.html

       

      This Jira is to track the related changes. Please feel free to comment / discuss.

      Attachments

        Issue Links

          links to

          GitHub PR#3729 GitHub PR#3729

          Activity

            People

              Unassigned Unassigned
              Lingaraj Lingaraj Gowdar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m