API

Unsafe execution of shell commands

Docs > Code Analysis > Static Analysis Rules > Unsafe execution of shell commands

Metadata

ID: python-security/asyncio-subprocess-create-shell

Language: Python

Severity: Error

Category: Security

Description

Detect unsafe shell execution in the asyncio framework. When we invoke the shell, we should make sure that the data is safe and secure. Use shlex to sanitize user inputs.

Learn More

Non-Compliant Code Examples

import asyncio

def handler(event, context):
    # Should sanitize arguments
    async_loop.run_until_complete(async_loop.create_subprocess_shell("mycommand"))

Compliant Code Examples

import asyncio
import shlex

def handler(event, context):
    # Should sanitize arguments
    async_loop.run_until_complete(async_loop.create_subprocess_shell(shlex.escape("mycommand")))

How to use this rule

1
2
rulesets:
  - python-security     # Rules to enforce Python security.

Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
Get feedback on your code

For more information, please read the Code Analysis documentation

VS Code Extension

Identify code vulnerabilities directly in your
VS Code editor

JetBrains Plugin

Identify code vulnerabilities directly in
JetBrains products