yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1732363] Re: Use subprocess securely

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Riedemann <mriedem.os@xxxxxxxxx>
Date: Sun, 10 Nov 2019 21:13:18 -0000
Reply-to: Bug 1732363 <1732363@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm going to invalidate this because the code being pointed out is just
dev/test scripts, not production runtime code. It can be fixed if
someone wants to restore and rework the patch but it's super low
priority IMO.

** Changed in: nova
   Importance: Undecided => Low

** Changed in: nova
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1732363

Title:
  Use subprocess securely

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  Due to https://docs.openstack.org/bandit/latest/plugins/subprocess_popen_with_shell_equals_true.html,
  and reference https://security.openstack.org/guidelines/dg_avoid-shell-true.html and
  https://security.openstack.org/guidelines/dg_use-subprocess-securely.html,
  we should use python pipes to avoid shells and use subprocess more securely.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1732363/+subscriptions

References

[Bug 1732363] [NEW] Use subprocess securely
From: Spencer Yu, 2017-11-15