CWE-78 - subprocess.run with shell=true #9

Open
mocsharp opened this issue Jan 7, 2025 · 0 comments
mocsharp commented Jan 7, 2025

Wheeltamer reported the following high severity issues:

```
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: WHEEL_UNPACKED_DIR/holoscan_cli-0.0.0a0.dev22+vchangtestpypi.4dd8512/holoscan_cli/common/dockerutils.py:524:11
523             ["nvidia-smi --query-gpu name --format=csv,noheader | grep nvgpu -q"],
524             shell=True,
525         )
526         result = proc.returncode
527         return result == 0
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: WHEEL_UNPACKED_DIR/holoscan_cli-0.0.0a0.dev22+vchangtestpypi.4dd8512/holoscan_cli/common/utils.py:65:11
64          """
65          proc = subprocess.Popen(cmd, universal_newlines=True, shell=True)
66          return proc.wait()
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: WHEEL_UNPACKED_DIR/holoscan_cli-0.0.0a0.dev22+vchangtestpypi.4dd8512/holoscan_cli/common/utils.py:79:11
78          """
79          proc = subprocess.run(cmd, capture_output=True, text=True, shell=True)
80          return proc.stdout
```
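The three B602 findings above share one root cause: a command string is handed to `/bin/sh`, so any shell metacharacters in it are interpreted rather than passed to the program. The following is an added example, not code from the holoscan_cli project, showing the shell-free patterns that replace each finding: an argv list instead of a string for the `cmd` helpers in `utils.py` (tokenised with `shlex.split` where a string is unavoidable), and either in-Python filtering or two directly connected `Popen` objects instead of the `nvidia-smi ... | grep -q` pipeline in `dockerutils.py`. The `nvidia-smi` argument form `--query-gpu=name` and the `nvgpu` marker are assumptions taken from the finding; `python_argv` / `python_command_string` exist only so the example can exercise itself without a GPU.

```python
import shlex
import subprocess
import sys
from typing import Sequence


def run_argv(argv: Sequence[str], timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Run a program from an argv list. shell=False (the default) means no
    shell ever sees the arguments, so ';', '|', '$(...)' etc. are plain text."""
    return subprocess.run(list(argv), capture_output=True, text=True,
                          timeout=timeout, check=False)


def run_command_string(cmd: str) -> int:
    """Drop-in for a helper that used to call Popen(cmd, shell=True).
    shlex.split tokenises the string the way a POSIX shell would, but the
    result is executed directly; there is no shell to expand metacharacters."""
    return run_argv(shlex.split(cmd)).returncode


def command_output_contains(argv: Sequence[str], needle: str) -> bool:
    """Shell-free replacement for 'program | grep -q needle': capture stdout
    and do the match in Python. A failing program counts as 'not found'."""
    proc = run_argv(argv)
    return proc.returncode == 0 and needle in proc.stdout


def pipeline_returncode(first_argv: Sequence[str], second_argv: Sequence[str]) -> int:
    """Shell-free equivalent of 'first | second' when the second program is
    really needed: connect the two processes' pipes directly."""
    first = subprocess.Popen(list(first_argv), stdout=subprocess.PIPE)
    second = subprocess.Popen(list(second_argv), stdin=first.stdout,
                              stdout=subprocess.DEVNULL)
    first.stdout.close()  # let `first` get SIGPIPE if `second` exits early
    second.wait()
    first.wait()
    return second.returncode


def has_nvidia_gpu() -> bool:
    """Shell-free form of the dockerutils.py check (flag syntax assumed).
    A missing nvidia-smi binary simply means 'no GPU' instead of raising."""
    try:
        return command_output_contains(
            ["nvidia-smi", "--query-gpu=name", "--format=csv,noheader"], "nvgpu")
    except FileNotFoundError:
        return False


def argv_is_literal(arg: str) -> str:
    """Demonstrate that with shell=False an argument containing shell
    metacharacters reaches the child unchanged: echo it back via Python."""
    proc = run_argv([sys.executable, "-c", "import sys; print(sys.argv[1], end='')", arg])
    return proc.stdout


# Test helpers (hypothetical): build commands that run the current interpreter,
# so the example can be exercised on a machine without nvidia-smi.
def python_argv(code: str) -> list:
    return [sys.executable, "-c", code]


def python_command_string(code: str) -> str:
    return shlex.join(python_argv(code))


if __name__ == "__main__":
    print("GPU present:", has_nvidia_gpu())
    print("metacharacters kept literal:", argv_is_literal("name; other | more") == "name; other | more")
```

`run_command_string` keeps the old string-based call sites working, but the better long-term fix is to change those helpers' signatures to accept a list so that callers cannot re-introduce string concatenation of user-controlled values; `shlex.split` still interprets quotes and backslashes, so it is a migration aid rather than a sanitiser.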
@mocsharp mocsharp self-assigned this Jan 7, 2025
mocsharp added a commit that referenced this issue Jan 7, 2025
Signed-off-by: Victor Chang <[email protected]>
mocsharp added a commit that referenced this issue Jan 7, 2025
mocsharp added a commit that referenced this issue Jan 8, 2025
Signed-off-by: Victor Chang <[email protected]>
mocsharp added a commit that referenced this issue Jan 8, 2025
mocsharp added a commit that referenced this issue Jan 9, 2025
mocsharp added a commit that referenced this issue Jan 9, 2025