Our Python scanners point out issues regarding the use of
the subprocess module. The issues fall into two main
categories:
1) The use of subprocess.Popen() directly is discouraged.
Instead, the scanners recommend using run, call, or check_call.
2) The use of any of the subprocess calls with shell=True
is forbidden, because it exposes the call to shell injection
attacks. Instead, the scanners require shell=False or
omitting shell altogether.
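The following is an added illustration of the two scanner rules described above, not the project's own scanner: a small AST-based checker that reports direct Popen use and any shell= argument that is not a literal False, run over a constructed sample module (function names, rule identifiers and the sample code are all made up here).

```python
import ast
from typing import List, Tuple

# subprocess entry points the checker recognises, attribute form only
# (`subprocess.run(...)`); aliased imports are out of scope for this sketch.
SUBPROCESS_CALLS = {"Popen", "run", "call", "check_call", "check_output"}

# Constructed sample module: one compliant call and one hit per rule.
SAMPLE = '''import subprocess
def good(path):
    return subprocess.run(["ls", "-l", path], check=True)
def bad_popen(path):
    return subprocess.Popen(["ls", "-l", path])
def bad_shell(path):
    return subprocess.check_output("ls -l " + path, shell=True)
def unknown(path, flag):
    return subprocess.call(["ls", path], shell=flag)
'''

def _subprocess_call_name(node: ast.Call):
    """Return 'run', 'Popen', ... when node is `subprocess.<name>(...)`, else None."""
    func = node.func
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id == "subprocess" and func.attr in SUBPROCESS_CALLS):
        return func.attr
    return None

def scan_source(source: str) -> List[Tuple[int, str]]:
    """Return sorted (line, rule) findings: 'popen-direct' for any Popen call,
    'shell-true' for a literal shell=True, 'shell-non-literal' when shell= is an
    expression the checker cannot prove to be False (flag for manual review)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _subprocess_call_name(node)
        if name is None:
            continue
        if name == "Popen":
            findings.append((node.lineno, "popen-direct"))
        for kw in node.keywords:
            if kw.arg != "shell":
                continue
            is_literal = isinstance(kw.value, ast.Constant)
            if is_literal and kw.value.value is True:
                findings.append((node.lineno, "shell-true"))
            elif not (is_literal and kw.value.value is False):
                findings.append((node.lineno, "shell-non-literal"))
    return sorted(findings)
```

Only the `subprocess.<name>(...)` spelling is matched; a real scanner would also resolve `from subprocess import run` and module aliases.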
Collateral (docs, reports, design examples, case IDs):
Python scans when preparing the release.
Tests added:
Tests run: