Pattern: Starting a process with a partial path
Issue: -
This rule scans the parameters of all configured Python methods, looking
for paths that do not start at the file-system root, that is, do not have a
leading / character.
Python possesses many mechanisms to invoke an external executable. If the desired executable path is not fully qualified relative to the file-system root then this may present a potential security risk.
In POSIX environments, the PATH environment variable is used to specify a set of standard locations that will be searched for the first matching named executable. While convenient, this behavior may allow a malicious actor to exert control over a system. If they are able to adjust the contents of the PATH variable, or manipulate the file system, then a bogus executable may be discovered in place of the desired one. This executable will be invoked with the user privileges of the Python process that spawned it, potentially a highly privileged user.
Example of insecure code:
from subprocess import Popen as pop
pop('gcc --version', shell=False)Example of secure code:
from subprocess import Popen as pop
pop('/bin/gcc --version', shell=False)