Bandit: Remove bandit B604 from skip list

Remove B604 (any_other_function_with_shell_equals_true), so use subprocess.Popen with the default shell=False, thus removing the shell parameter of common.utils.subprocess Popen method. Depends-On: https://review.opendev.org/c/915991 Change-Id: I1857e982211c4de29b3e24ec2485ea9c17c98b10
2024-04-11 10:24:09 +02:00 · 2024-04-11 10:24:09 +02:00 · 85808693ec
parent d782a868d7
commit 85808693ec
2 changed files with 6 additions and 7 deletions
--- a/neutron/common/utils.py
+++ b/neutron/common/utils.py
@ -129,12 +129,12 @@ def _subprocess_setup():
    signal.signal(signal.SIGPIPE, signal.SIG_DFL)


-def subprocess_popen(args, stdin=None, stdout=None, stderr=None, shell=False,
-                     env=None, preexec_fn=_subprocess_setup, close_fds=True):
+def subprocess_popen(args, stdin=None, stdout=None, stderr=None, env=None,
+                     preexec_fn=_subprocess_setup, close_fds=True):

-    return subprocess.Popen(args, shell=shell, stdin=stdin, stdout=stdout,
-                            stderr=stderr, preexec_fn=preexec_fn,
-                            close_fds=close_fds, env=env)
+    return subprocess.Popen(args, stdin=stdin, stdout=stdout, stderr=stderr,
+                            preexec_fn=preexec_fn, close_fds=close_fds,
+                            env=env)


 def get_first_host_ip(net, ip_version):
--- a/tox.ini
+++ b/tox.ini
@ -222,8 +222,7 @@ import_exceptions = neutron._i18n
 [testenv:bandit]
 deps = {[testenv:pep8]deps}
 # B104: Possible binding to all interfaces
-# B604: any_other_function_with_shell_equals_true
-commands = bandit -r neutron -x tests -n5 -s B104,B604
+commands = bandit -r neutron -x tests -n5 -s B104

 [testenv:bashate]
 deps = {[testenv:pep8]deps}