Tags: python-2.7, security, bandit, python

Starting a process with a shell, possible injection detected, security issue


Using bandit for checking the code for vulnerability issues.

https://docs.openstack.org/bandit/1.4.0/plugins/start_process_with_a_shell.html

How to go about resolving this? Is there an alternative to using the commands library (i.e. commands.getoutput)? Please advise.

( python 2.7)
New to this security field, kindly update the tags if these aren't appropriate.

Here it says, https://github.com/openstack/bandit/blob/master/bandit/plugins/injection_shell.py#L62

commands.getoutput is vulnerable, but doesn't suggest a replacement! Ugh!

Could somebody please recommend a solution to this. Thank you.
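The replacement the question asks for, as an added example that is not part of the original post: a drop-in for commands.getstatusoutput / commands.getoutput built on subprocess with shell=False. The command is passed as an argument list, so no shell ever parses it and bandit's "start process with a shell" finding does not apply; the "untrusted" filename below is a constructed sample.

```python
import subprocess


def getstatusoutput(argv):
    """Replacement for commands.getstatusoutput that never invokes a shell.

    argv is a list: the program followed by its arguments. Every element
    reaches the program verbatim, so shell metacharacters in untrusted
    input (';', '|', '$(...)', '`') are ordinary characters, not commands.
    Returns (exit_status, combined_stdout_and_stderr). Works on 2.7 and 3.
    """
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3, str on 2.7
        out = out.decode("utf-8", "replace")
    return proc.returncode, out.rstrip("\n")


def getoutput(argv):
    """Replacement for commands.getoutput: output only, no shell."""
    return getstatusoutput(argv)[1]


if __name__ == "__main__":
    # Constructed sample of untrusted input: with a shell-style string
    # ("echo " + name, shell=True) this would run a second command.
    name = "notes.txt; echo injected"
    print(getoutput(["echo", name]))      # prints the literal string
    print(getstatusoutput(["false"]))     # (1, '') - exit status preserved
```

bandit will still report the low-severity, informational "subprocess call" check (B603) for any subprocess use; that is a different plugin from the shell-injection one linked above and is the expected result of this change.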


Solution

  • The only solution I have found is marking tests which you know for sure to be false flags with the --no-sec flag. This will omit that particular test from bandit's checks.