81 os.system("git reset --hard")
82 os.system("git pull")
83 if pip:
84 os.system("pip install -U -r requirements.txt") 85
86 os.execl(sys.executable, sys.executable, "-m", self.__class__.__name__.lower())
87 sys.exit() 79
80 if git_update:
81 os.system("git reset --hard")
82 os.system("git pull") 83 if pip:
84 os.system("pip install -U -r requirements.txt")
85 78 print(c_e)
79
80 if git_update:
81 os.system("git reset --hard") 82 os.system("git pull")
83 if pip:
84 os.system("pip install -U -r requirements.txt")Python possesses many mechanisms to invoke an external executable. If the desired executable path is not fully qualified relative to the filesystem root then this may present a potential security risk.
In POSIX environments, the PATH environment variable is used to specify a set of standard locations that will be searched for the first matching named executable. While convenient, this behavior may allow a malicious actor to exert control over a system. If they are able to adjust the contents of the PATH variable, or manipulate the file system, then a bogus executable may be discovered in place of the desired one. This executable will be invoked with the user privileges of the Python process that spawned it, potentially a highly privileged user.
This test will scan the parameters of all configured Python methods, looking for paths that do not start at the filesystem root, that is, do not have a leading ‘/’ character.
Bad practice
import subprocess
subprocess.run(['calculator', '-u', 'critical', msg], check=True) # Sensitive, Path not qualified from root
Recommended
import subprocess
subprocess.run(['/usr/bin/calculator', '-u', 'critical', msg], check=True) # Path qualified from root
References:
- Bandit B607
- OWASP Top 10 2021 Category A03 - Injection