Detect unsafe shell execution in the asyncio framework. When we invoke the shell, we should make sure that the data is safe and secure. Use shlex to sanitize user inputs.
importasynciodefhandler(event,context):# Should sanitize argumentsasync_loop.run_until_complete(async_loop.subprocess_exec(waiting_protocol,["/bin/sh","mycommand"]))
Compliant Code Examples
importasyncioimportshlexdefhandler(event,context):# Should sanitize argumentsasync_loop.run_until_complete(async_loop.subprocess_exec(waiting_protocol,shlex.split(shlex.quote("/bin/sh mycommand"))))
シームレスな統合。 Datadog Code Security をお試しください
Datadog Code Security
このルールを試し、Datadog Code Security でコードを解析する
このルールの使用方法
1
2
rulesets:- python-security # Rules to enforce Python security.