Update documentation

In patch [0], B605 will no longer return a MEDIUM severity; instead
it will return a LOW severity. However, the documentation was never
updated to match the change [1]. This patch set updates the
documentation to match the update.

[0] 8f74c51935 (diff-5abc40c6b98a9c677ed95d1ffec0ad66L41)
[1] https://docs.openstack.org/bandit/latest/plugins/start_process_with_a_shell.html

Closes-Bug: #1742493

Change-Id: I201c259313aef09b3d68cca54380dc47033a5b26
Signed-off-by: Tin Lam <tin@irrational.io>
Tin Lam 2018-01-11 12:43:27 -06:00
parent 71f4df31b6
commit 32c27bdcdf
1 changed files with 2 additions and 2 deletions

@ -375,7 +375,7 @@ def start_process_with_a_shell(context, config):
invocation is dangerous as it is vulnerable to various shell injection
attacks. Great care should be taken to sanitize all input in order to
mitigate this risk. Calls of this type are identified by the use of certain
commands which are known to use shells. Bandit will report a MEDIUM
commands which are known to use shells. Bandit will report a LOW
severity warning.
See also:
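Review bot: the changed sentence "Bandit will report a LOW severity warning." still states the severity as free prose in the docstring, which is how it drifted from the plugin's behaviour in the first place according to the commit message. Consider naming the test ID (B605) in that sentence so a future severity change can be found with a single grep, and check that no other sentence in this docstring still says MEDIUM, since only this one line is touched here.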
@ -418,7 +418,7 @@ def start_process_with_a_shell(context, config):
.. code-block:: none
>> Issue: Starting a process with a shell: check for injection.
Severity: Medium Confidence: Medium
Severity: Low Confidence: Medium
Location: examples/os_system.py:3
2
3 os.system('/bin/echo hi')
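Review bot: please confirm that the sample line "Severity: Low Confidence: Medium" comes from a fresh Bandit run against examples/os_system.py rather than a hand edit of the Severity field. Only that field changes in this hunk, so if the confidence value or the reported location (examples/os_system.py:3) has also moved since the example was written, the docs would still be out of step with real output. Stating in the commit message how the sample was produced would settle it.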