[show][barefoot] replace shell=True #2699
Conversation
Signed-off-by: maipbui <[email protected]>
show/plugins/barefoot.py
Outdated
r'-maxdepth 1 -type d -name install_\*_profile ' + opts + '| sed ' | ||
r's%/opt/bfn/install_\\\(.\*\\\)_profile%\\1%', shell=True) | ||
cmd0 = ['docker', 'exec', '-it', 'syncd', 'find', '/opt/bfn', '-mindepth', '1',\ | ||
r'-maxdepth', '1', r'-type', 'd', r'-name', r'install_\*_profile', opts] |
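Review bot: the new cmd0 list keeps the backslash in r'install_\*_profile' that only the shell needed. Under shell=True the shell stripped it and find saw install_*_profile; with an argv list find receives the literal backslash, and fnmatch treats \* as an escaped star, so the pattern only matches a directory literally named install_*_profile and the glob silently stops working. Use 'install_*_profile' (no backslash, plain string) here. Two smaller points in the same list: opts is appended as a single argv element, so if it ever carries more than one flag it will arrive as one argument rather than several (split it with shlex.split, or keep opts as a list); and '-it' asks docker for a TTY, which fails when the command is run from a script or CI without one, so '-i' or neither is safer for a subprocess call. The old string also piped the result through sed to reduce each path to the profile name; that stage is not visible in this snippet, so check that the reduction now happens in Python on the captured output.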
Signed-off-by: maipbui <[email protected]>
/azp run Azure.sonic-utilities
Azure Pipelines successfully started running 1 pipeline(s).
@oleksandrx-kolomeiets Could you help review?
Signed-off-by: maipbui <[email protected]>
@oleksandrx-kolomeiets could you help review?
Signed-off-by: Mai Bui <[email protected]>
Update sonic-utilities submodule pointer to include the following:
* 88ffb167 [config]config reload should generate sysinfo if missing ([sonic-net#2778](sonic-net/sonic-utilities#2778))
* 7443b9e5 [sonic-package-manager] support extension with multiple YANG modules ([sonic-net#2752](sonic-net/sonic-utilities#2752))
* 522c3a9e [sonic-package-manager] add support for multiple CLI plugin files ([sonic-net#2753](sonic-net/sonic-utilities#2753))
* b38fcfd1 [show][muxcable] fix RC ([sonic-net#2812](sonic-net/sonic-utilities#2812))
* 7e24463f [chassis]: remote cli commands infra for sonic chassis ([sonic-net#2701](sonic-net/sonic-utilities#2701))
* bee593e4 [DPB]Fixing typo in config breakout output ([sonic-net#2802](sonic-net/sonic-utilities#2802))
* ada603c5 [config]Support multi-asic Golden Config override ([sonic-net#2738](sonic-net/sonic-utilities#2738))
* 88a7daa8 [show][barefoot] replace shell=True ([sonic-net#2699](sonic-net/sonic-utilities#2699))
* 5e99edb5 [sonic_package_manager] replace shell=True ([sonic-net#2726](sonic-net/sonic-utilities#2726))
* b547bb45 [acl-loader] Only add default deny rule when table is L3 or L3V6 ([sonic-net#2796](sonic-net/sonic-utilities#2796))
Signed-off-by: dprital <[email protected]>
Signed-off-by: maipbui [email protected]

What I did
subprocess() - using it with shell=True is dangerous. Using a subprocess function without a static string can lead to command injection.

How I did it
subprocess() - use shell=False instead, with a list of strings.
Ref: https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation

How to verify it

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)
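The following is an added example, not code from sonic-utilities or from this PR, showing the mitigation the description refers to: the concatenated string executed with shell=True beside the argv-list form, plus a Python regex that replaces the `find ... | sed` post-processing stage so no shell is needed at all. It assumes (not from the PR) that a small Python one-liner stands in for the `docker exec ... find` command so it runs anywhere, that `opts` is the attacker-influenced value, and that the host has a POSIX /bin/sh; the hostile option string is constructed for the demo.

```python
"""Added example (not sonic-utilities code): shell=True + string concatenation
is injectable; an argv list is not, and a regex replaces the sed stage.

Assumptions (not from the PR): a Python one-liner stands in for the real
`docker exec ... find` target so the demo runs offline; `opts` is untrusted;
the shell=True path is run by a POSIX /bin/sh.
"""
import re
import shlex
import subprocess
import sys

# Stand-in target: prints the argv it actually received, as JSON.
ARGV_ECHO = "import sys, json; print(json.dumps(sys.argv[1:]))"

# Constructed hostile input: a second command smuggled into an option string.
MALICIOUS_OPTS = "-L; echo INJECTED"


def run_vulnerable(opts: str) -> str:
    """The pattern the PR removes: command text built by concatenation and
    handed to /bin/sh, which re-parses it (';' starts a new command)."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(ARGV_ECHO)} " + opts
    return subprocess.check_output(cmd, shell=True, text=True)


def run_hardened(opts: str) -> str:
    """The pattern the PR adopts: an argv list, no shell. `opts` reaches the
    target as one literal argument, metacharacters included."""
    cmd = [sys.executable, "-c", ARGV_ECHO, opts]
    return subprocess.check_output(cmd, text=True)


def build_argv(base: list[str], opts: str) -> list[str]:
    """When `opts` may legitimately hold several flags ("-mindepth 1 -maxdepth 1"),
    split it with shlex so each becomes its own argv entry. A smuggled ';' or
    'echo' just becomes another literal argument; nothing executes it."""
    return base + shlex.split(opts)


# Replaces the `| sed 's%/opt/bfn/install_\(.*\)_profile%\1%'` stage in Python,
# applied to the captured output of find instead of to a shell pipeline.
PROFILE_RE = re.compile(r"^/opt/bfn/install_(.*)_profile$")


def extract_profiles(find_output: str) -> list[str]:
    """Reduce each matching path in find's output to the profile name."""
    return [m.group(1) for line in find_output.splitlines()
            if (m := PROFILE_RE.match(line.strip()))]


if __name__ == "__main__":
    print("shell=True :", run_vulnerable(MALICIOUS_OPTS).rstrip())
    print("argv list  :", run_hardened(MALICIOUS_OPTS).rstrip())
    print(build_argv(["find", "/opt/bfn"], "-mindepth 1 -maxdepth 1"))
    print(extract_profiles("/opt/bfn/install_x86_64_profile\n"
                           "/opt/bfn/install_foo_profile\n"))
```

Running it shows the difference directly: the shell=True path prints the target's argv as `["-L"]` and then a second line `INJECTED` produced by the smuggled command, while the argv-list path prints `["-L; echo INJECTED"]` as a single argument and runs nothing else. `build_argv` covers the case the hunk glosses over, where `opts` carries several flags and must be split without a shell.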