[device/marvell] Mitigation for security vulnerability #11876
Signed-off-by: maipbui <[email protected]>
This pull request introduces 6 alerts and fixes 4 when merging 9a05f34 into 3bf1abb - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
This pull request introduces 2 alerts and fixes 5 when merging a455cae into 3bf1abb - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
This pull request introduces 1 alert and fixes 1 when merging 3702046 into 3bf1abb - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
Signed-off-by: maipbui <[email protected]>
This pull request introduces 1 alert and fixes 1 when merging db35a2a into 092e039 - view on LGTM.com
Review comments (outdated, resolved) on:
- device/marvell/arm64-marvell_db98cx8580_32cd-r0/plugins/sfputil.py
- device/marvell/x86_64-marvell_db98cx8580_16cd-r0/plugins/sfputil.py
- device/marvell/x86_64-marvell_db98cx8580_32cd-r0/plugins/sfputil.py
Signed-off-by: maipbui <[email protected]>
Signed-off-by: maipbui <[email protected]>
Signed-off-by: maipbui <[email protected]>
This pull request introduces 1 alert and fixes 1 when merging 076bac8 into 88191b0 - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
Signed-off-by: maipbui <[email protected]>
@Sabareesh-Kumar-Anandan @antony-rheneus @shilimkarvg Could you help verify and review this PR?
Signed-off-by: maipbui <[email protected]>
This pull request fixes 1 alert when merging ccc7e52 into 38cc35f - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
This pull request fixes 1 alert when merging 072d8e9 into 7d1b99a - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
Signed-off-by: maipbui <[email protected]>
This pull request fixes 1 alert when merging e2aef69 into a1b50ca - view on LGTM.com
```python
cmd1 = ['grep', '--null-data', 'U-Boot', '/dev/mtd0ro']
cmd2 = ['head', '-1']
cmd3 = ['cut', '-d', ' ', '-f2-4']
with subprocess.Popen(cmd1, universal_newlines=True, stdout=subprocess.PIPE) as p1:
```
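Review bot: the record delimiters in this pipeline do not agree. `grep --null-data` writes NUL-terminated records, while `head -1` (cmd2) and `cut` (cmd3) split on newlines, so the first "line" head hands on can contain several NUL-separated records, or be cut short, and `cut -d ' ' -f2-4` then takes its fields from that whole blob rather than from the matching record. Either make grep stop at the first match itself (`grep --null-data -m1 U-Boot /dev/mtd0ro`) and convert NULs to newlines (`tr '\0' '\n'`) before cutting, or read `/dev/mtd0ro` from Python directly (read in chunks, split on `b'\0'`, take the first record containing `b'U-Boot'`), which drops the three-process chain and the need to close `p1.stdout` in the parent between stages.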
Nokia's folder should be in a separate PR. Refers to: platform/marvell-armhf/sonic-platform-nokia/7215/sonic_platform/chassis.py:9 in e2aef69.
This pull request fixes 1 alert when merging fd912a9 into 1effff9 - view on LGTM.com
Signed-off-by: maipbui <[email protected]>
This pull request fixes 1 alert when merging 11cf6d9 into 1f0699f - view on LGTM.com
@antony-rheneus Could you help review and verify?
/azp run Azure.sonic-buildimage
Azure Pipelines successfully started running 1 pipeline(s).
#### Why I did it
`os` and `commands` modules are not secure against maliciously constructed input. `getstatusoutput` is detected without a static string, uses `shell=True`.
#### How I did it
Eliminate the use of `os` and `commands`. Use `subprocess` instead.
Signed-off-by: maipbui [email protected]
Dependency: PR (#12065) needs to merge first.
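The change the description asks for, as an added example (not code from this PR or from sonic-buildimage): a `getstatusoutput`-style shell string built from input beside its `subprocess` argument-vector replacement, plus a shell-free pipeline helper for `grep | head | cut` style chains like the one in the plugins. `TOOL` is a hypothetical stand-in for a platform utility so the block runs anywhere Python does.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for a platform tool (the real plugins wrap ethtool/i2c
# style utilities): prints the single port argument it is given.
TOOL = [sys.executable, "-c", "import sys; print('port=' + sys.argv[1])"]


def vulnerable_lookup(port_name):
    """commands.getstatusoutput style: a shell command line built from input.
    The shell re-parses the string, so ';', '|' or '$(...)' in port_name
    run as commands instead of being passed as data."""
    cmd = " ".join(shlex.quote(a) for a in TOOL) + " " + port_name
    return subprocess.getstatusoutput(cmd)  # shell=True under the hood


def safe_lookup(port_name):
    """subprocess with an argument vector (default shell=False): port_name
    reaches execve() as exactly one argv element, metacharacters included."""
    proc = subprocess.run(TOOL + [port_name], capture_output=True, text=True)
    return proc.returncode, proc.stdout.rstrip("\n")


def run_pipeline(*stages):
    """`a | b | c` without a shell: each stage is its own argv list. The parent
    closes its copy of each intermediate pipe so a stage that exits early
    (like `head -1`) makes its upstream see EPIPE instead of blocking."""
    procs, upstream = [], None
    for argv in stages:
        p = subprocess.Popen(argv, stdin=upstream, stdout=subprocess.PIPE, text=True)
        if upstream is not None:
            upstream.close()
        procs.append(p)
        upstream = p.stdout
    output = procs[-1].communicate()[0]
    for p in procs[:-1]:
        p.wait()
    return output


if __name__ == "__main__":
    probe = "sfp1; echo injected"    # constructed input carrying a shell metacharacter
    print(vulnerable_lookup(probe))  # (0, 'port=sfp1\ninjected'): the second command ran
    print(safe_lookup(probe))        # (0, 'port=sfp1; echo injected'): treated as data
```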