Remove shell=True for actions (following Bandit issue report) #1851

b597acf1 · nicolargo · fe7e3dff · b597acf1
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

glances/actions.py glances/actions.py +4 -4

未找到文件。
--- a/glances/actions.py
+++ b/glances/actions.py
@@ -2,7 +2,7 @@
 #
 # This file is part of Glances.
 #
-# Copyright (C) 2019 Nicolargo <nicolas@nicolargo.com>
+# Copyright (C) 2021 Nicolargo <nicolas@nicolargo.com>
 #
 # Glances is free software; you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published by
@@ -94,10 +94,10 @@ class GlancesActions(object):
            logger.info("Action triggered for {} ({}): {}".format(stat_name,
                                                                  criticity,
                                                                  cmd_full))
-            logger.debug("Stats value for the trigger: {}".format(
-                mustache_dict))
+            logger.debug("Action will be executed with the following command: \
+                subprocess.Popen({}, shell=False)".format(cmd_full.split(' ')))
            try:
-                Popen(cmd_full, shell=True)
+                Popen(cmd_full.split(' '), shell=False)
            except OSError as e:
                logger.error("Can't execute the action ({})".format(e))