[consutil] replace shell=True #2725
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: maipbui <[email protected]>
qiluo-msft
reviewed
Mar 7, 2023
consutil/lib.py
Outdated
| @@ -276,7 +277,7 @@ def init_device_prefix(): | |||
| @staticmethod | |||
| def list_console_ttys(): | |||
| """Lists all console tty devices""" | |||
| cmd = "ls " + SysInfoProvider.DEVICE_PREFIX + "*" | |||
| cmd = ["ls", SysInfoProvider.DEVICE_PREFIX, "*"] | |||
qiluo-msft
reviewed
Mar 7, 2023
consutil/lib.py
Outdated
| @@ -326,15 +329,23 @@ def _parse_processes_info(output): | |||
|
|
|||
| @staticmethod | |||
| def run_command(cmd, abort=True): | |||
Signed-off-by: maipbui <[email protected]>
qiluo-msft
approved these changes
Mar 9, 2023
|
@maipbui can you help fill the PR description templete? The change is looks good to me. |
Blueve
requested changes
Mar 21, 2023
Sure, I updated PR description, could you check? |
Blueve
approved these changes
Jun 7, 2023
pdhruv-marvell
pushed a commit
to pdhruv-marvell/sonic-utilities
that referenced
this pull request
Aug 23, 2023
#### What I did `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection. #### How I did it `subprocess()` - use `shell=False` instead, use list of strings Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation) #### How to verify it Pass UT Signed-off-by: maipbui <[email protected]>
lizhijianrd
added a commit
that referenced
this pull request
Jun 9, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True #2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
to mssonicbld/sonic-utilities
that referenced
this pull request
Jun 11, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True sonic-net#2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
that referenced
this pull request
Jun 11, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True #2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
to mssonicbld/sonic-utilities
that referenced
this pull request
Jun 11, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True sonic-net#2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
that referenced
this pull request
Jun 12, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True #2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
arfeigin
pushed a commit
to arfeigin/sonic-utilities
that referenced
this pull request
Jun 16, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True sonic-net#2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
to mssonicbld/sonic-utilities
that referenced
this pull request
Jun 20, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True sonic-net#2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
mssonicbld
pushed a commit
that referenced
this pull request
Jul 12, 2024
**What I did?** 1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True #2725, * cannot be treated as wildcard correctly). ``` admin@sonic:~$ show line ls: cannot access '/dev/C0-*': No such file or directory ``` 2. Enhance UT to avoid regression mentioned in 1. 3. Fix incorrect statement in UT. 4. Fix critical Flake8 error. **How to verify it** 1. Verified on Nokia-7215 MC0 device. 2. Verified by UT Sign-Off By: Zhijian Li <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What I did
subprocess()- when using withshell=Trueis dangerous. Using subprocess function without a static string can lead to command injection.How I did it
subprocess()- useshell=Falseinstead, use list of strings Ref: https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigationHow to verify it
Pass UT
Previous command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)