Skip to content
This repository was archived by the owner on Dec 9, 2022. It is now read-only.

Commit e69378d

Browse files
committed
framework: Do not use dangerous shell=True
1 parent 9f728f8 commit e69378d

File tree

4 files changed

+9
-8
lines changed

4 files changed

+9
-8
lines changed

Diff for: framework/NEWS

+3
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
1+
setroubleshoot 3.2.27 2016-06-21
2+
- Do not use dangerous shell=True
3+
14
setroubleshoot 3.2.26.2 2016-06-03
25
- bugfix
36

Diff for: framework/configure.ac

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
AC_INIT([setroubleshoot], [3.2.26.2],
1+
AC_INIT([setroubleshoot], [3.2.27],
22
[http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=setroubleshoot])
33

44
AC_CONFIG_SRCDIR(src/setroubleshoot/__init__.py)

Diff for: framework/src/setroubleshoot/audit_data.py

+3-5
Original file line numberDiff line numberDiff line change
@@ -864,12 +864,10 @@ def _set_tpath(self):
864864
else:
865865
if path.startswith("/") == False and inodestr:
866866
import subprocess
867-
command = "locate -b '\%s'" % path
867+
command = ["locate", "-b", "\%s" % path]
868868
try:
869-
output = subprocess.check_output(command,
870-
stderr=subprocess.STDOUT,
871-
shell=True)
872-
ino = int(inodestr)
869+
output = subprocess.check_output(command,
870+
stderr=subprocess.STDOUT)
873871
for file in output.split("\n"):
874872
try:
875873
if int(os.lstat(file).st_ino) == ino:

Diff for: framework/src/setroubleshoot/signature.py

+2-2
Original file line numberDiff line numberDiff line change
@@ -520,11 +520,11 @@ def format_details(self, replace=False):
520520
audit2allow = "/usr/bin/audit2allow"
521521
if os.path.exist(audit2allow):
522522
newbuf = "\n\naudit2allow"
523-
p = Popen([audit2allow], shell=True,stdin=PIPE, stdout=PIPE)
523+
p = Popen([audit2allow], stdin=PIPE, stdout=PIPE)
524524
newbuf += p.communicate(avcbuf)[0]
525525
if os.path.exists("/var/lib/sepolgen/interface_info"):
526526
newbuf += "\naudit2allow -R"
527-
p = Popen(["%s -R" % audit2allow ], shell=True,stdin=PIPE, stdout=PIPE)
527+
p = Popen([audit2allow, "-R"], stdin=PIPE, stdout=PIPE)
528528
newbuf += p.communicate(avcbuf)[0]
529529
avcbuf += newbuf
530530
except:

0 commit comments

Comments
 (0)