#5 [secaudit,blocking] subprocess output used as-is to log without being interpreted
Closed 4 years ago by puiterwijk. Opened 4 years ago by puiterwijk.

In joystick/consumers/fedora_messaging_consumer.py, line 21, subprocess.Popen is being called without encoding, text or universal_newlines arguments, which means they will return raw byte values.
The output from stdout and stderr is later logged straight into _log.debug, which means that this may either crash or provide raw bytes to the underlying logging handler depending on the specific bytes contained in the output.


Will handle this when moving the code to subprocess.run

Metadata Update from @puiterwijk:
- Issue status updated to: Closed (was: Open)

4 years ago
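One way to get the handling this ticket asks for with subprocess.run, shown as an added example that is not the joystick project's code: the child's output is decoded explicitly and control characters are escaped before the text reaches the logger. The logger name, `printable`, `run_and_log` and `SAMPLE_CMD` are hypothetical names chosen for the example.

```python
import logging
import subprocess
import sys

log = logging.getLogger("joystick.example")  # hypothetical logger name


def printable(text):
    """Escape control characters (e.g. ANSI escapes) so they are logged as visible text."""
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in text
    )


def run_and_log(cmd, timeout=30):
    """Run cmd, decode stdout/stderr as text, and log each line at debug level."""
    proc = subprocess.run(
        cmd,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        encoding="utf-8",            # decode here rather than handing bytes to logging
        errors="backslashreplace",   # invalid bytes become \xNN instead of raising
        timeout=timeout,
        check=False,
    )
    for name, stream in (("stdout", proc.stdout), ("stderr", proc.stderr)):
        # One record per output line, each tagged with the stream it came from.
        for line in stream.splitlines():
            log.debug("%s: %s", name, printable(line))
    return proc.returncode, proc.stdout, proc.stderr


# Constructed sample: a child process that writes an invalid UTF-8 byte (0xff)
# and an ANSI escape sequence to stdout.
SAMPLE_CMD = [
    sys.executable, "-c",
    r"import sys; sys.stdout.buffer.write(b'ok \xff\x1b[31m\nsecond\n')",
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    run_and_log(SAMPLE_CMD)
```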
