Change check_output to not use the shell equal to True functionality. (!70) · Merge requests · GitLab.org / security-products / analyzers / gemnasium

Sam Kerr requested to merge shell-commands-false-vrange into master Mar 25, 2020

What does this MR do?

This MR removes the use of shell=True from several Python subprocess calls. This resolves the Critical security vulnerabilities associated with those lines. The code is not doing a complex shell command where shell=True would be needed, so they should set it to False instead.

What are the relevant issue numbers?

None.

Does this MR meet the acceptance criteria?

[-] Changelog entry added
[-] Documentation created/updated for GitLab EE, if necessary
[-] Documentation created/updated for this project, if necessary
[-] Documentation reviewed by technical writer or follow-up review issue created
[-] Tests added for this feature/bug
[-] Job definition updated, if necessary
[-] Conforms to the code review guidelines
[-] Conforms to the Go guidelines
Security reports checked/validated by reviewer

Edited Apr 21, 2023 by 🤖 GitLab Bot 🤖

Change check_output to not use the shell equal to True functionality.

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports