
framework: Do not use dangerous shell=True

bachradsusi committed Jun 15, 2016
1 parent 9f728f8 commit e69378d7e82a503534d29c5939fa219341e8f2ad
@@ -1,3 +1,6 @@
setroubleshoot 3.2.27 2016-06-21
- Do not use dangerous shell=True

setroubleshoot 3.2.26.2 2016-06-03
- bugfix

@@ -1,4 +1,4 @@
AC_INIT([setroubleshoot], [3.2.26.2],
AC_INIT([setroubleshoot], [3.2.27],
[http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=setroubleshoot])

AC_CONFIG_SRCDIR(src/setroubleshoot/__init__.py)
@@ -864,12 +864,10 @@ def _set_tpath(self):
else:
if path.startswith("/") == False and inodestr:
import subprocess
command = "locate -b '\%s'" % path
command = ["locate", "-b", "\%s" % path]
try:
output = subprocess.check_output(command,
stderr=subprocess.STDOUT,
shell=True)
ino = int(inodestr)
output = subprocess.check_output(command,
stderr=subprocess.STDOUT)
for file in output.split("\n"):
try:
if int(os.lstat(file).st_ino) == ino:
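Review bot: `ino` is still read in `if int(os.lstat(file).st_ino) == ino:`, but the hunk counts (-864,12 +864,10) only add up if `ino = int(inodestr)` is removed together with the `shell=True` call. Unless `ino` is assigned earlier in `_set_tpath`, outside this hunk, the comparison raises NameError inside the inner `try`, and if that handler is broad the inode match would silently never succeed. Keep `ino = int(inodestr)` just before the `for file in output.split("\n"):` loop. Separately, `"\%s" % path` only yields a literal backslash because `\%` is not a recognised escape; `"\\%s" % path` states the intent and avoids the invalid-escape warning on newer interpreters. With the shell gone, `path` is still passed to `locate` as a pattern, so a one-line comment that glob characters in it remain significant would help the next reader.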
@@ -520,11 +520,11 @@ def format_details(self, replace=False):
audit2allow = "/usr/bin/audit2allow"
if os.path.exist(audit2allow):
newbuf = "\n\naudit2allow"
p = Popen([audit2allow], shell=True,stdin=PIPE, stdout=PIPE)
p = Popen([audit2allow], stdin=PIPE, stdout=PIPE)
newbuf += p.communicate(avcbuf)[0]
if os.path.exists("/var/lib/sepolgen/interface_info"):
newbuf += "\naudit2allow -R"
p = Popen(["%s -R" % audit2allow ], shell=True,stdin=PIPE, stdout=PIPE)
p = Popen([audit2allow, "-R"], stdin=PIPE, stdout=PIPE)
newbuf += p.communicate(avcbuf)[0]
avcbuf += newbuf
except:
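Review bot: The guard `if os.path.exist(audit2allow):` on the context line above the changed `Popen` calls uses a name that `os.path` does not provide; the function is `exists`, as the sepolgen check a few lines below spells it. The call therefore raises AttributeError, and with the bare `except:` that closes the hunk the two audit2allow invocations are most likely never reached, so this fix cannot be exercised. Change the guard to `if os.path.exists(audit2allow):` and narrow the handler to the errors expected from spawning the tool, e.g. `except OSError:`, so a typo like this is not swallowed again. The enclosing `try` starts before the hunk and the handler body is outside it.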
