Unsafe execution of shell commands
ID: python-security/asyncio-subprocess-exec
Language: Python
Severity: Error
Category: Security
CWE: 78
Description
Detects unsafe shell execution in the asyncio framework. When invoking a shell, make sure the data passed to it is safe. Use shlex
to sanitize user inputs.
Non-Compliant Code Examples
import asyncio

# async_loop and waiting_protocol are assumed to be defined elsewhere.
def handler(event, context):
    # Should sanitize arguments
    async_loop.run_until_complete(async_loop.subprocess_exec(waiting_protocol, ["/bin/sh", "mycommand"]))
Compliant Code Examples
import asyncio
import shlex

# async_loop and waiting_protocol are assumed to be defined elsewhere.
def handler(event, context):
    # Arguments are passed through shlex before execution
    async_loop.run_until_complete(async_loop.subprocess_exec(waiting_protocol, shlex.split(shlex.quote("/bin/sh mycommand"))))
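The following is an added example, not part of the rule's own code samples. It shows what the rule guards against by running the same constructed input three ways. It uses the high-level `asyncio.create_subprocess_exec` rather than `loop.subprocess_exec`; the function names and the `UNTRUSTED` value are assumptions made for illustration.

```python
import asyncio
import shlex
import sys

# Constructed hostile input: a file name with a second shell command appended.
UNTRUSTED = "report.txt; echo INJECTED"


async def _run(*argv):
    """Start argv directly (no implicit shell) and return its stdout as text."""
    proc = await asyncio.create_subprocess_exec(
        *argv,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.DEVNULL,
    )
    out, _ = await proc.communicate()
    return out.decode()


def unsafe_shell(name):
    # Non-compliant: untrusted text is spliced into a /bin/sh -c command string,
    # so the shell parses ';' as a command separator.
    return asyncio.run(_run("/bin/sh", "-c", "echo name=" + name))


def quoted_shell(name):
    # A shell is still used, but shlex.quote() makes the value one shell word.
    return asyncio.run(_run("/bin/sh", "-c", "echo name=" + shlex.quote(name)))


def no_shell(name):
    # No shell at all: the value reaches the child as a single argv element.
    code = "import sys; print('name=' + sys.argv[1])"
    return asyncio.run(_run(sys.executable, "-c", code, name))


if __name__ == "__main__":
    for fn in (unsafe_shell, quoted_shell, no_shell):
        print(fn.__name__, "->", fn(UNTRUSTED).splitlines())
```

Only `unsafe_shell` produces a second output line. The other two return the input unchanged as data.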