>/ihSSKrSSKrSSKrSSKJr SSKJr \R"S5rSr Sr Sr \R"S5\R"S 5\R"S 5S 555r\R"S5\R"S 5\R"S 5S 555r\R"S5\R"S 5\R"S5S555r\R"S5\R"S 5\R"S5S555r\R"S5\R"S 5\R"S5S555r\R"S5\R"S 5\R"S5S555rg)N)issue)test_propertiesz^(?:[A-Za-z](?=\:)|[\\\/\.])c"[URRS[R5=(a1 [URRSR [ 5nU(a[R$[R$)Nr) isinstancenodeargsastConstantvaluestrbanditLOWHIGH)context no_formattings X/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/injection_shell.py_evaluate_shell_callrsd !cll6 W\\&&q)// 5zz{{c(US:Xa /SQ/SQ/SQS.$g)Nshell_injection)zsubprocess.Popenzsubprocess.callzsubprocess.check_callzsubprocess.check_outputzsubprocess.run)z os.systemzos.popenz os.popen2z os.popen3z os.popen4z popen2.popen2z popen2.popen3z popen2.popen4z popen2.Popen3z popen2.Popen4zcommands.getoutputzcommands.getstatusoutputzsubprocess.getoutputzsubprocess.getstatusoutput)zos.execlz os.execlez os.execlpz os.execlpezos.execvz os.execvez os.execvpz os.execvpez os.spawnlz os.spawnlez os.spawnlpz os.spawnlpez os.spawnvz os.spawnvez os.spawnvpz os.spawnvpez os.startfile) subprocessshellno_shell)names r gen_configrs)   $;0 0 !rcrURRnSnSUR;GaUGHnURS:XdMURn[ U[ R5(at[ UR[5(d>[ UR[5(d[ UR[5(a[UR5nM[ U[ R5(a[UR5nM[ U[ R5(a[UR5nGM"[ U[ R 5(aUR"S;aSnGMV[ U[ R5(aURnGMSnGM U$)NFr)FalseNoneT)rkeywords call_keywordsargr rr r intfloatcomplexboolListeltsDictkeysNameid)rr resultkeyvals r has_shellr0Qs||$$H F''''Cww'!iic3<<00syy#..!#))U33!#))W55!#))_FSXX..!#((^FSXX..!#((^FSXX..366=N3N"FS\\22 YYF!F%& MrrCallB602c >U(GaURUS;Ga[U5(a[UR5S:a[ U5nU[ R :Xa[[ R"[ R [ R[RRSURS5S9$[ R"[ R[ R[RRSURS5S9$gggg)at**B602: Test for use of popen with shell equals true** Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user provided or variable input. This plugin test is part of a family of tests built to check for process spawning and warn appropriately. Specifically, this test looks for the spawning of a subprocess using a command shell. This type of subprocess invocation is dangerous as it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by a parameter of 'shell=True' being given. Additionally, this plugin scans the command string given and adjusts its reported severity based on how it is presented. If the command string is a simple static string containing no special shell characters, then the resulting issue has low severity. If the string is static, but contains shell formatting characters or wildcards, then the reported issue is medium. Finally, if the string is computed using Python's string manipulation or formatting operations, then the reported issue has high severity. These severity levels reflect the likelihood that the code is vulnerable to injection. See also: - :doc:`../plugins/linux_commands_wildcard_injection` - :doc:`../plugins/subprocess_without_shell_equals_true` - :doc:`../plugins/start_process_with_no_shell` - :doc:`../plugins/start_process_with_a_shell` - :doc:`../plugins/start_process_with_partial_path` **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. This plugin specifically scans for methods listed in `subprocess` section that have shell=True specified. .. code-block:: yaml shell_injection: # Start a process using the subprocess module, or one of its wrappers. subprocess: - subprocess.Popen - subprocess.call :Example: .. code-block:: none >> Issue: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/subprocess_shell.py:21 20 subprocess.check_call(['/bin/ls', '-l'], shell=False) 21 subprocess.check_call('/bin/ls -l', shell=True) 22 >> Issue: call with shell=True contains special shell characters, consider moving extra logic into Python code Severity: Medium Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/subprocess_shell.py:26 25 26 subprocess.Popen('/bin/ls *', shell=True) 27 subprocess.Popen('/bin/ls %s' % ('something',), shell=True) >> Issue: subprocess call with shell=True identified, security issue. Severity: High Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/subprocess_shell.py:27 26 subprocess.Popen('/bin/ls *', shell=True) 27 subprocess.Popen('/bin/ls %s' % ('something',), shell=True) 28 subprocess.Popen('/bin/ls {}'.format('something'), shell=True) .. seealso:: - https://security.openstack.org - https://docs.python.org/3/library/subprocess.html#frequently-used-arguments - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - https://security.openstack.org/guidelines/dg_avoid-shell-true.html - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added rrznsubprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shellrseverity confidencecwetextlinenoz;subprocess call with shell=True identified, security issue.N) call_function_name_qualr0len call_argsrr rIssuerrCweOS_COMMAND_INJECTIONget_lineno_for_call_argrconfigsevs r'subprocess_popen_with_shell_equals_truerDksL'11VL5II W  7$$%)*73&**$!<>wG"<>wG * JvrB603c U(aURUS;al[U5(d[[R"[R[R [ RRSURS5S9$ggg)a **B603: Test for use of subprocess without shell equals true** Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user provided or variable input. This plugin test is part of a family of tests built to check for process spawning and warn appropriately. Specifically, this test looks for the spawning of a subprocess without the use of a command shell. This type of subprocess invocation is not vulnerable to shell injection attacks, but care should still be taken to ensure validity of input. Because this is a lesser issue than that described in `subprocess_popen_with_shell_equals_true` a LOW severity warning is reported. See also: - :doc:`../plugins/linux_commands_wildcard_injection` - :doc:`../plugins/subprocess_popen_with_shell_equals_true` - :doc:`../plugins/start_process_with_no_shell` - :doc:`../plugins/start_process_with_a_shell` - :doc:`../plugins/start_process_with_partial_path` **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. This plugin specifically scans for methods listed in `subprocess` section that have shell=False specified. .. code-block:: yaml shell_injection: # Start a process using the subprocess module, or one of its wrappers. subprocess: - subprocess.Popen - subprocess.call :Example: .. code-block:: none >> Issue: subprocess call - check for execution of untrusted input. Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/subprocess_shell.py:23 22 23 subprocess.check_output(['/bin/ls', '-l']) 24 .. seealso:: - https://security.openstack.org - https://docs.python.org/3/library/subprocess.html#frequently-used-arguments - https://security.openstack.org/guidelines/dg_avoid-shell-true.html - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added rz9subprocess call - check for execution of untrusted input.rr4N) r:r0r r=rrrr>r?r@rrBs r$subprocess_without_shell_equals_truerHsqT'11VL5II!!<<!;;II2266w?  "JvrB604c U(aURUS;al[U5(a[[R"[R[R [ RRSURS5S9$ggg)a **B604: Test for any function with shell equals true** Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user provided or variable input. This plugin test is part of a family of tests built to check for process spawning and warn appropriately. Specifically, this plugin test interrogates method calls for the presence of a keyword parameter `shell` equalling true. It is related to detection of shell injection issues and is intended to catch custom wrappers to vulnerable methods that may have been created. See also: - :doc:`../plugins/linux_commands_wildcard_injection` - :doc:`../plugins/subprocess_popen_with_shell_equals_true` - :doc:`../plugins/subprocess_without_shell_equals_true` - :doc:`../plugins/start_process_with_no_shell` - :doc:`../plugins/start_process_with_a_shell` - :doc:`../plugins/start_process_with_partial_path` **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. Specifically, this plugin excludes those functions listed under the subprocess section, these methods are tested in a separate specific test plugin and this exclusion prevents duplicate issue reporting. .. code-block:: yaml shell_injection: # Start a process using the subprocess module, or one of its wrappers. subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output execute_with_timeout] :Example: .. code-block:: none >> Issue: Function call with shell=True parameter identified, possible security issue. Severity: Medium Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/subprocess_shell.py:9 8 pop('/bin/gcc --version', shell=True) 9 Popen('/bin/gcc --version', shell=True) 10 .. seealso:: - https://security.openstack.org/guidelines/dg_avoid-shell-true.html - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added rzLFunction call with shell=True parameter identified, possible security issue.rr4N) r:r0r r=MEDIUMrrr>r?r@rGs r)any_other_function_with_shell_equals_truerL@sqR'11 9MM W  <<!::II22+66w?   NvrB605cU(aURUS;a[UR5S:a[U5nU[R :XaK[R "[R [R[RRSS9$[R "[R[R[RRSS9$ggg)aY **B605: Test for starting a process with a shell** Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user provided or variable input. This plugin test is part of a family of tests built to check for process spawning and warn appropriately. Specifically, this test looks for the spawning of a subprocess using a command shell. This type of subprocess invocation is dangerous as it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by the use of certain commands which are known to use shells. Bandit will report a LOW severity warning. See also: - :doc:`../plugins/linux_commands_wildcard_injection` - :doc:`../plugins/subprocess_without_shell_equals_true` - :doc:`../plugins/start_process_with_no_shell` - :doc:`../plugins/start_process_with_partial_path` - :doc:`../plugins/subprocess_popen_with_shell_equals_true` **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. This plugin specifically scans for methods listed in `shell` section. .. code-block:: yaml shell_injection: shell: - os.system - os.popen - os.popen2 - os.popen3 - os.popen4 - popen2.popen2 - popen2.popen3 - popen2.popen4 - popen2.Popen3 - popen2.Popen4 - commands.getoutput - commands.getstatusoutput - subprocess.getoutput - subprocess.getstatusoutput :Example: .. code-block:: none >> Issue: Starting a process with a shell: check for injection. Severity: Low Confidence: Medium CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: examples/os_system.py:3 2 3 os.system('/bin/echo hi') .. seealso:: - https://security.openstack.org - https://docs.python.org/3/library/os.html#os.system - https://docs.python.org/3/library/subprocess.html#frequently-used-arguments - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.10.0 .. versionchanged:: 1.7.3 CWE information added rrzoStarting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shellr5r6r7r8zMStarting a process with a shell, possible injection detected, security issue.N) r:r;r<rr rr=rrr>r?rAs rstart_process_with_a_shellrPsb'11VG_D w  !A %&w/Cfjj ||#ZZ%{{ 667 ||#[[%{{ 661  &EvrB606cU(a_URUS;aK[R"[R[R[ R RSS9$gg)a@ **B606: Test for starting a process with no shell** Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user provided or variable input. This plugin test is part of a family of tests built to check for process spawning and warn appropriately. Specifically, this test looks for the spawning of a subprocess in a way that doesn't use a shell. Although this is generally safe, it maybe useful for penetration testing workflows to track where external system calls are used. As such a LOW severity message is generated. See also: - :doc:`../plugins/linux_commands_wildcard_injection` - :doc:`../plugins/subprocess_without_shell_equals_true` - :doc:`../plugins/start_process_with_a_shell` - :doc:`../plugins/start_process_with_partial_path` - :doc:`../plugins/subprocess_popen_with_shell_equals_true` **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. This plugin specifically scans for methods listed in `no_shell` section. .. code-block:: yaml shell_injection: no_shell: - os.execl - os.execle - os.execlp - os.execlpe - os.execv - os.execve - os.execvp - os.execvpe - os.spawnl - os.spawnle - os.spawnlp - os.spawnlpe - os.spawnv - os.spawnve - os.spawnvp - os.spawnvpe - os.startfile :Example: .. code-block:: none >> Issue: [start_process_with_no_shell] Starting a process without a shell. Severity: Low Confidence: Medium CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: examples/os-spawn.py:8 7 os.spawnv(mode, path, args) 8 os.spawnve(mode, path, args, env) 9 os.spawnvp(mode, file, args) .. seealso:: - https://security.openstack.org - https://docs.python.org/3/library/os.html#os.system - https://docs.python.org/3/library/subprocess.html#frequently-used-arguments - https://security.openstack.org/guidelines/dg_use-subprocess-securely.html - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.10.0 .. versionchanged:: 1.7.3 CWE information added rz#Starting a process without a shell.rON)r:r r=rrKrr>r?rGs rstart_process_with_no_shellrSsQj'11VJ5GG||ZZ}} ..6   HvrB607cU(Ga_[UR5(GaCURUS;d'URUS;dURUS;GaURRSn[ U[ R5(a UR(aURSn[ U[ R5(a[ UR[5(ap[RUR5(dK[R"[R [R"[$R&R(SS9$gggggg)a **B607: Test for starting a process with a partial path** Python possesses many mechanisms to invoke an external executable. If the desired executable path is not fully qualified relative to the filesystem root then this may present a potential security risk. In POSIX environments, the `PATH` environment variable is used to specify a set of standard locations that will be searched for the first matching named executable. While convenient, this behavior may allow a malicious actor to exert control over a system. If they are able to adjust the contents of the `PATH` variable, or manipulate the file system, then a bogus executable may be discovered in place of the desired one. This executable will be invoked with the user privileges of the Python process that spawned it, potentially a highly privileged user. This test will scan the parameters of all configured Python methods, looking for paths that do not start at the filesystem root, that is, do not have a leading '/' character. **Config Options:** This plugin test shares a configuration with others in the same family, namely `shell_injection`. This configuration is divided up into three sections, `subprocess`, `shell` and `no_shell`. They each list Python calls that spawn subprocesses, invoke commands within a shell, or invoke commands without a shell (by replacing the calling process) respectively. This test will scan parameters of all methods in all sections. Note that methods are fully qualified and de-aliased prior to checking. .. code-block:: yaml shell_injection: # Start a process using the subprocess module, or one of its wrappers. subprocess: - subprocess.Popen - subprocess.call # Start a process with a function vulnerable to shell injection. shell: - os.system - os.popen - popen2.Popen3 - popen2.Popen4 - commands.getoutput - commands.getstatusoutput # Start a process with a function that is not vulnerable to shell injection. no_shell: - os.execl - os.execle :Example: .. code-block:: none >> Issue: Starting a process with a partial executable path Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: ./examples/partial_path_process.py:3 2 from subprocess import Popen as pop 3 pop('gcc --version', shell=False) .. seealso:: - https://security.openstack.org - https://docs.python.org/3/library/os.html#process-management - https://cwe.mitre.org/data/definitions/78.html .. versionadded:: 0.13.0 .. versionchanged:: 1.7.3 CWE information added rrrrz1Starting a process with a partial executable pathrON)r;r<r:rrrr r'r(r r r full_path_matchmatchr r=rrrr>r?)rrBrs rstart_process_with_partial_pathrXZs d#g''((  + +vl/C C..&/A..&2DD<<$$Q'D$))diiyy|4..tzz3//'--djj99||#ZZ%{{ 66L :0/E )vr)r rer bandit.corerrtestcompilerVrrr0 takes_configcheckstest_idrDrHrLrPrSrXrrrr`s  /**<=2 j4$%Vfy&yx$%VfP&Pf$%VfO&Od$%Vfa&aH$%VfX &X v$%Vfe&er