• Home
• org.sonarsource.python
• python-checks
• 4.25.0.19056
• source code
• S4721.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.py.rules.python.S4721.html Maven / Gradle / Ivy

This rule is deprecated, and will eventually be removed.
Arbitrary OS command injection vulnerabilities are more likely when a shell is spawned rather than a new process, indeed shell meta-chars can be
used (when parameters are user-controlled for instance) to inject OS commands.
Ask Yourself Whether

  
 OS command name or parameters are user-controlled. 

There is a risk if you answered yes to this question.
Recommended Secure Coding Practices
Use functions that don’t spawn a shell.
Sensitive Code Example
Python 3
subprocess.run(cmd, shell=True)  # Sensitive
subprocess.Popen(cmd, shell=True)  # Sensitive
subprocess.call(cmd, shell=True)  # Sensitive
subprocess.check_call(cmd, shell=True)  # Sensitive
subprocess.check_output(cmd, shell=True)  # Sensitive
os.system(cmd)  # Sensitive: a shell is always spawn

Python 2
cmd = "when a string is passed through these function, a shell is spawn"
(_, child_stdout, _) = os.popen2(cmd)  # Sensitive
(_, child_stdout, _) = os.popen3(cmd)  # Sensitive
(_, child_stdout) = os.popen4(cmd)  # Sensitive


(child_stdout, _) = popen2.popen2(cmd)  # Sensitive
(child_stdout, _, _) = popen2.popen3(cmd)  # Sensitive
(child_stdout, _) = popen2.popen4(cmd)  # Sensitive

Compliant Solution
Python 3
# by default shell=False, a shell is not spawn
subprocess.run(cmd)  # Compliant
subprocess.Popen(cmd)  # Compliant
subprocess.call(cmd)  # Compliant
subprocess.check_call(cmd)  # Compliant
subprocess.check_output(cmd)  # Compliant

# always in a subprocess:
os.spawnl(mode, path, *cmd)  # Compliant
os.spawnle(mode, path, *cmd, env)  # Compliant
os.spawnlp(mode, file, *cmd)  # Compliant
os.spawnlpe(mode, file, *cmd, env)  # Compliant
os.spawnv(mode, path, cmd)  # Compliant
os.spawnve(mode, path, cmd, env)  # Compliant
os.spawnvp(mode, file, cmd)  # Compliant
os.spawnvpe(mode, file, cmd, env)  # Compliant

(child_stdout) = os.popen(cmd, mode, 1)  # Compliant
(_, output) = subprocess.getstatusoutput(cmd)  # Compliant
out = subprocess.getoutput(cmd)  # Compliant
os.startfile(path)  # Compliant
os.execl(path, *cmd)  # Compliant
os.execle(path, *cmd, env)  # Compliant
os.execlp(file, *cmd)  # Compliant
os.execlpe(file, *cmd, env)  # Compliant
os.execv(path, cmd)  # Compliant
os.execve(path, cmd, env)  # Compliant
os.execvp(file, cmd)  # Compliant
os.execvpe(file, cmd, env)  # Compliant

Python 2
cmdsargs = ("use", "a", "sequence", "to", "directly", "start", "a", "subprocess")

(_, child_stdout) = os.popen2(cmdsargs)  # Compliant
(_, child_stdout, _) = os.popen3(cmdsargs)  # Compliant
(_, child_stdout) = os.popen4(cmdsargs)  # Compliant

(child_stdout, _) = popen2.popen2(cmdsargs)  # Compliant
(child_stdout, _, _) = popen2.popen3(cmdsargs)  # Compliant
(child_stdout, _) = popen2.popen4(cmdsargs)  # Compliant

See

  
 OWASP - Top 10 2021 Category A3 - Injection 
  
 OWASP - Top 10 2017 Category A1 - Injection 
  
 CWE - CWE-78 - Improper Neutralization of Special Elements used in an OS Command