Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.
Apache License 2.0
Unsafe shell command constructed from library input in `luigi/contrib/lsf.py` #3304
Hi,
I am reporting a potential security issue with an unsafe shell command constructed from library input in https://github.com/spotify/luigi/blob/master/luigi/contrib/lsf.py#L84-L88
I am unsure if the command line is affected by user input, but it would be great to change the behavior and set `shell=False` in case of any input.
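
The difference the issue is asking for, as an added example that is not part of the original report and is not luigi's code. The function names, the stand-in command (the Python interpreter echoing its arguments in place of a scheduler CLI) and the numeric job-ID rule are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Stand-in for a scheduler CLI (assumption): prints the arguments it received.
ECHO_ARGS = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def status_via_shell(job_id):
    """Pattern the issue reports: a formatted string executed with shell=True.

    /bin/sh parses the whole string, so metacharacters in job_id are syntax.
    """
    cmd = "{} -c 'import sys; print(sys.argv[1:])' {}".format(sys.executable, job_id)
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def status_via_argv(job_id):
    """Requested change: an argument list with shell=False.

    No shell is involved; job_id reaches the program as one argv element.
    """
    argv = ECHO_ARGS + [str(job_id)]
    out = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def require_numeric_id(job_id):
    """Extra check (assumes job IDs are plain integers): reject anything else."""
    text = str(job_id)
    if not re.fullmatch(r"[0-9]+", text):
        raise ValueError("unexpected job id: {!r}".format(text))
    return text


# Constructed input containing a shell metacharacter.
SAMPLE = "1234; echo second-command"

if __name__ == "__main__":
    print("shell=True :", status_via_shell(SAMPLE))   # two commands ran
    print("shell=False:", status_via_argv(SAMPLE))    # one literal argument
```

With `shell=False` the value cannot change which program runs, and the numeric check additionally keeps malformed IDs from reaching the command at all.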