This linter searches for use of the popen2
module.
Use of the popen2
module commonly allows for arbitrary code execution
bugs when combined with user input.
import popen2
Instead of using the popen2
module to execute commands, prefer to use the
subprocess
module while ensuring shell=False
.
See Replacing Older Functions with the subprocess
Module.
Arbitrary code execution allows an attacker to perform any action within the context of the system the bug is found. E.g. open a reverse shell to a system of their choosing, install malware by downloading and running a payload, silently log actions performed on the victim system, etc.
Arbitrary code execution bugs are effectively the keys to the castle. We'd like to avoid using the above function because it commonly allows for these types of bugs.
None