Hello! This is somewhat related to a Pull Request I opened. I'm checking for security issues in a few projects and noticed that this one uses shell=True for checking the output on the monitoring commands.
```
>> Issue: subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   Location: glances/glances/core/glances_monitor_list.py:138
134     if self.command(i) is not None:
135         # Execute the user command line
136         try:
137             self.__monitor_list[i]['result'] = subprocess.check_output(self.command(i),
138                                                                        shell=True)
```
This could be problematic, especially if the configuration file is not properly sanitized or the command includes some illegal characters. Here's a Stack Overflow discussion and a blog post related to problems with shell=True.
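The difference the report points at, as an added example that is not part of the original issue or the Glances code base: the same configured command string run through `shell=True` and through a tokenised argument vector. The sample command, the `allowed` allowlist and all function names are assumptions made for illustration.

```python
import shlex
import subprocess

# Constructed sample: a command value as it might appear in a configuration
# file, with a second command appended after a shell metacharacter.
CONFIG_COMMAND = "echo service-up; echo EXTRA-COMMAND-RAN"

# Characters that a shell interprets rather than passing through as data.
SHELL_META = set(";&|`$<>(){}\n")


def shell_metacharacters(command):
    """Audit helper (hypothetical): list shell metacharacters in a config value."""
    return sorted(set(command) & SHELL_META)


def run_with_shell(command):
    """Pattern flagged in the report: the whole string is parsed by /bin/sh."""
    return subprocess.check_output(command, shell=True).decode()


def run_without_shell(command, allowed=("echo",)):
    """Hardened variant (hypothetical): tokenise, allowlist argv[0], no shell."""
    argv = shlex.split(command)
    if not argv or argv[0] not in allowed:
        raise ValueError("command not allowed: %r" % command)
    # With a list and shell=False, ';' is just a byte inside an argument.
    return subprocess.check_output(argv, shell=False, timeout=5).decode()


if __name__ == "__main__":
    print("metacharacters found:", shell_metacharacters(CONFIG_COMMAND))
    print("shell=True  ->", run_with_shell(CONFIG_COMMAND).splitlines())
    print("shell=False ->", run_without_shell(CONFIG_COMMAND).splitlines())
```

Running without a shell also means pipes and redirections in a configured command are no longer interpreted, so commands that rely on them need restructuring.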