framework: Do not use dangerous shell=True
bachradsusi committed Jun 21, 2016
1 parent 9f728f8 commit e69378d
Showing 4 changed files with 9 additions and 8 deletions.
3 changes: 3 additions & 0 deletions framework/NEWS
@@ -1,3 +1,6 @@
setroubleshoot 3.2.27 2016-06-21
- Do not use dangerous shell=True

setroubleshoot 3.2.26.2 2016-06-03
- bugfix

2 changes: 1 addition & 1 deletion framework/configure.ac
@@ -1,4 +1,4 @@
AC_INIT([setroubleshoot], [3.2.26.2],
AC_INIT([setroubleshoot], [3.2.27],
[http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=setroubleshoot])

AC_CONFIG_SRCDIR(src/setroubleshoot/__init__.py)
8 changes: 3 additions & 5 deletions framework/src/setroubleshoot/audit_data.py
@@ -864,12 +864,10 @@ def _set_tpath(self):
else:
if path.startswith("/") == False and inodestr:
import subprocess
command = "locate -b '\%s'" % path
command = ["locate", "-b", "\%s" % path]
try:
output = subprocess.check_output(command,
stderr=subprocess.STDOUT,
shell=True)
ino = int(inodestr)
output = subprocess.check_output(command,
stderr=subprocess.STDOUT)
for file in output.split("\n"):
try:
if int(os.lstat(file).st_ino) == ino:
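Review bot: The argv-list call `subprocess.check_output(command, stderr=subprocess.STDOUT)` still merges locate's diagnostics into `output`, and `output.split("\n")` then hands every line to `os.lstat` as a candidate path, including error text and the fragments of any file name that contains a newline. File names on disk can be chosen by unprivileged users, so I would keep stderr out of the parsed data and ask locate for NUL-separated results: `command = ["locate", "-0", "-b", "\\%s" % path]`, then `output.split("\0")`. Writing the pattern as `"\\%s"` (or `r"\%s"`) also stops relying on the unrecognised `\%` escape being kept literally. Glob characters inside `path` are still interpreted by locate, so only the inode comparison narrows the match. The `try:` body and its handler continue outside the hunk, so how a non-zero locate exit is handled is not visible here.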
4 changes: 2 additions & 2 deletions framework/src/setroubleshoot/signature.py
@@ -520,11 +520,11 @@ def format_details(self, replace=False):
audit2allow = "/usr/bin/audit2allow"
if os.path.exist(audit2allow):
newbuf = "\n\naudit2allow"
p = Popen([audit2allow], shell=True,stdin=PIPE, stdout=PIPE)
p = Popen([audit2allow], stdin=PIPE, stdout=PIPE)
newbuf += p.communicate(avcbuf)[0]
if os.path.exists("/var/lib/sepolgen/interface_info"):
newbuf += "\naudit2allow -R"
p = Popen(["%s -R" % audit2allow ], shell=True,stdin=PIPE, stdout=PIPE)
p = Popen([audit2allow, "-R"], stdin=PIPE, stdout=PIPE)
newbuf += p.communicate(avcbuf)[0]
avcbuf += newbuf
except:
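Review bot: The guard `if os.path.exist(audit2allow):` just above the first `Popen` call names a function that `os.path` does not provide (the later guard uses `os.path.exists`), so it raises AttributeError before either rewritten `Popen` call can run. The bare `except:` at the end of the hunk presumably swallows that, which would leave the audit2allow output silently missing and the new argv-list calls never exercised. I would change the guard to `if os.path.exists(audit2allow):` and narrow the handler to the failures expected from spawning the tool, e.g. `except OSError:`, so that a typo like this surfaces instead of being hidden. The enclosing `try:` and the handler body are outside the hunk, so what happens after the exception is inferred.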