B602.md

File metadata and controls

43 lines (30 loc) · 1.58 KB

Pattern: Use of subprocess with shell=True

Issue: -

Description

This rule looks for the spawning of a subprocess using a command shell. This type of subprocess invocation is dangerous because it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by the `shell=True` parameter being passed.

Additionally, this rule scans the command string given and adjusts its reported severity based on how it is presented. If the command string is a simple static string containing no special shell characters, then the resulting issue has low severity. If the string is static, but contains shell formatting characters or wildcards, then the reported issue is medium. Finally, if the string is computed using Python's string manipulation or formatting operations, then the reported issue has high severity. These severity levels reflect the likelihood that the code is vulnerable to injection.
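To make the three severity levels concrete, the following is an added example (not the scanner's own implementation) that walks a module's AST, finds subprocess-style calls passing `shell=True`, and classifies each command argument as LOW (static, no metacharacters), MEDIUM (static, with metacharacters) or HIGH (computed). The `SHELL_CHARS` set, the `SUBPROCESS_FUNCS` names and the `SAMPLE` module are constructed for this example.

```python
import ast

# Shell metacharacters that lift a static command string from LOW to MEDIUM
# (a constructed list for this example, not the scanner's exact definition).
SHELL_CHARS = set("*?[]$`|&;<>(){}~\\\"'")
SUBPROCESS_FUNCS = {"Popen", "call", "check_call", "check_output", "run"}

def _is_str_const(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def _severity(cmd):
    """Classify the command argument of a shell=True call by how it is built."""
    if _is_str_const(cmd):                          # plain string literal
        text = cmd.value
    elif isinstance(cmd, ast.List) and all(_is_str_const(e) for e in cmd.elts):
        text = " ".join(e.value for e in cmd.elts)  # list of string literals
    else:
        return "HIGH"                               # concatenation, f-string, variable, ...
    return "MEDIUM" if any(c in SHELL_CHARS for c in text) else "LOW"

def find_shell_true_calls(source):
    """Return [(lineno, severity)] for subprocess-style calls that pass shell=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in SUBPROCESS_FUNCS:
            continue
        shell = next((k.value for k in node.keywords if k.arg == "shell"), None)
        if not (isinstance(shell, ast.Constant) and shell.value is True):
            continue                                # shell omitted, False, or non-literal
        cmd = node.args[0] if node.args else None   # None -> classified HIGH
        findings.append((node.lineno, _severity(cmd)))
    return sorted(findings)

# Constructed sample module: it is only parsed, never executed (user_dir is undefined).
SAMPLE = """
import subprocess
subprocess.Popen(['/bin/gcc', '--version'], shell=True)   # static, no metacharacters
subprocess.call("ls *.log | wc -l", shell=True)            # static, with metacharacters
subprocess.run("ls " + user_dir, shell=True)               # built by concatenation
subprocess.run(f"ls {user_dir}", shell=True)               # built by f-string
subprocess.Popen(['/bin/gcc', '--version'], shell=False)   # not reported
"""
```

Running `find_shell_true_calls(SAMPLE)` reports the four `shell=True` calls at lines 3 to 6 as LOW, MEDIUM, HIGH and HIGH; the `shell=False` call is not reported.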

Example of insecure code:

```python
import subprocess

# With shell=True and a list, only the first element is the command string handed
# to the shell; any further elements are arguments to the shell itself, not to gcc.
subprocess.Popen(['/bin/gcc', '--version'], shell=True)
```

Example of secure code:

```python
import subprocess

# With shell=False the list is passed directly to the program as its argument
# vector; no shell parses it, so metacharacters in arguments are never interpreted.
subprocess.Popen(['/bin/gcc', '--version'], shell=False)
```

Further Reading