Issue #1: [secaudit,blocking,bandit] subprocess with `shell=True` - joystick

joystick

#1 [secaudit,blocking,bandit] subprocess with `shell=True`

Closed 4 years ago by puiterwijk. Opened 4 years ago by puiterwijk.

In joystick/consumers/fedora_messaging_consumer.py, line 21, subprocess.Popen is being called with shell=True, without any obvious reason as to why.

puiterwijk commented 4 years ago

Note that bandit (static code analysis required to be run by the Fedora Infra Application Security Policy would have caught this with High confidence and High severity.

sayanchowdhury commented 4 years ago

Fixed in https://pagure.io/joystick/c/0ac81d6088c6179ccde7f7462e0724e79494389f?branch=master

Metadata Update from @puiterwijk:
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

joystick

Source Code

#1 [secaudit,blocking,bandit] subprocess with `shell=True` Closed 4 years ago by puiterwijk. Opened 4 years ago by puiterwijk.

Metadata

#1 [secaudit,blocking,bandit] subprocess with `shell=True`

Closed 4 years ago by puiterwijk. Opened 4 years ago by puiterwijk.