Address Bandit's B602(subprocess_popen_with_shell_equals_true) on the test suite

This commit is contained in:
Pedro Algarvio 2021-01-28 09:22:18 +00:00 committed by Megan Wilhite
parent fd9f9e94f8
commit dc131a9369
5 changed files with 98 additions and 55 deletions


@ -1,3 +1,3 @@
[bandit]
exclude: salt/ext/tornado/*
exclude: salt/ext/tornado/*,tests/minionswarm.py
skip: B701
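Review bot: Excluding `tests/minionswarm.py` wholesale in the `exclude:` line silences every current and future Bandit finding in that file, not only the B602 hits this commit is about, whereas the other files in this commit are handled per call with `# nosec`. If the file's `shell=True` calls were judged acceptable (presumably why it is excluded rather than fixed), that reasoning is invisible from the config; a comment next to the exclude such as `; tests/minionswarm.py: shell=True calls reviewed, see the commit that added this exclude` would let a later reader decide whether to narrow it back to `# nosec` annotations.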


@ -2644,16 +2644,12 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin):
result = self.run_function("state.sls", mods="issue-8947")
if not isinstance(result, dict):
raise AssertionError(
(
"Something went really wrong while testing this sls:" " {}"
).format(repr(result))
"Something went really wrong while testing this sls: {!r}".format(
result
)
)
# difflib produces different output on python 2.6 than on >=2.7
if sys.version_info < (2, 7):
diff = "--- \n+++ \n@@ -1,1 +1,3 @@\n"
else:
diff = "--- \n+++ \n@@ -1 +1,3 @@\n"
diff += ("+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}").format(os.linesep)
diff = "--- \n+++ \n@@ -1 +1,3 @@\n"
diff += "+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}".format(os.linesep)
ret = {x.split("_|-")[1]: y for x, y in result.items()}
@ -2676,18 +2672,16 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin):
import subprocess
import win32api
p = subprocess.Popen(
salt.utils.stringutils.to_str(
"type {}".format(win32api.GetShortPathName(test_file))
),
shell=True,
proc = subprocess.run(
["type", win32api.GetShortPathName(test_file)],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
check=True,
# type is an shell internal command
shell=True, # nosec
)
p.poll()
out = p.stdout.read()
self.assertEqual(
out.decode("utf-8"),
proc.stdout.decode("utf-8"),
os.linesep.join((korean_2, korean_1, korean_3)) + os.linesep,
)
else:
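Review bot: The new `subprocess.run` call combines the list form with `shell=True`, which only behaves as intended because this branch runs on Windows (the `win32api` import suggests so): on POSIX, `shell=True` with a list hands just the first element to `sh -c` and the remaining elements become positional parameters, so the comment should say why the shell is still required and that the list form relies on Windows argument joining, e.g. `# "type" is a cmd.exe built-in, so shell=True is required; on Windows the list is joined by list2cmdline before cmd.exe parses it`. The existing comment also has a slip, `an shell` should read `a shell`. With `check=True`, a non-zero exit from cmd.exe now surfaces as `CalledProcessError` instead of a failed assertion, which is reasonable but worth a word in the test's docstring. The enclosing test method starts before the hunk.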


@ -106,9 +106,7 @@ class TestSmb(TestCase):
user=cls.username,
)
)
cls._smbd = subprocess.Popen(
"{} -FS -P0 -s {}".format(which_smbd(), samba_conf), shell=True
)
cls._smbd = subprocess.Popen([which_smbd(), "-FS", "-P0", "-s", samba_conf])
time.sleep(1)
pidfile = os.path.join(cls.samba_dir, "smbd.pid")
with salt.utils.files.fopen(pidfile, "r") as fp:


@ -357,8 +357,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 1)
@ -379,8 +385,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 1)
@ -406,8 +418,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 0)
@ -432,8 +450,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 0)
@ -448,8 +472,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 0)
@ -464,8 +494,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 1)
@ -480,8 +516,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH),
shell=True,
[
"cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
)
self.assertEqual(ret, 1)
@ -489,7 +531,6 @@ class RunAsTest(ModuleCase):
"test-runas", on_existing="delete", delete=True, password=PASSWORD
)
def test_runas_powershell_remoting(self, username):
psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}"
runaspy = textwrap.dedent(
"""
import sys
@ -503,15 +544,22 @@ class RunAsTest(ModuleCase):
)
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True)
ret = subprocess.call(
[
"powershell",
"Invoke-Command",
"-ComputerName",
self.hostname,
"-ScriptBlock",
"{{ python.exe {} }}".format(RUNAS_PATH),
]
)
self.assertEqual(ret, 1)
@with_system_user(
"test-runas", on_existing="delete", delete=True, password=PASSWORD
)
def test_runas_powershell_remoting_no_pass(self, username):
psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}"
runaspy = textwrap.dedent(
"""
import sys
@ -524,8 +572,16 @@ class RunAsTest(ModuleCase):
)
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True)
ret = subprocess.call(
[
"powershell",
"Invoke-Command",
"-ComputerName",
self.hostname,
"-ScriptBlock",
"{{ python.exe {} }}".format(RUNAS_PATH),
]
)
self.assertEqual(ret, 1)
@with_system_user(
@ -552,7 +608,7 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec
self.assertEqual(ret, 0)
@with_system_user(
@ -577,7 +633,7 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy)
cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec
self.assertEqual(ret, 0)
@with_system_user(
@ -590,8 +646,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD)
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(cmd, shell=True)
ret = subprocess.call(["python.exe", RUNAS_PATH])
self.assertEqual(ret, 0)
win32serviceutil.StartService("test service")
wait_for_service("test service")
@ -609,8 +664,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(cmd, shell=True)
ret = subprocess.call(["python.exe", RUNAS_PATH])
self.assertEqual(ret, 0)
win32serviceutil.StartService("test service")
wait_for_service("test service")
@ -632,8 +686,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD)
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(cmd, shell=True)
ret = subprocess.call(["python.exe", RUNAS_PATH])
self.assertEqual(ret, 0)
win32serviceutil.StartService("test service")
wait_for_service("test service")
@ -655,8 +708,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(cmd, shell=True)
ret = subprocess.call(["python.exe", RUNAS_PATH])
self.assertEqual(ret, 0)
win32serviceutil.StartService("test service")
wait_for_service("test service")
@ -671,8 +723,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), "SYSTEM", "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH)
ret = subprocess.call(cmd, shell=True)
ret = subprocess.call(["python.exe", RUNAS_PATH])
self.assertEqual(ret, 0)
win32serviceutil.StartService("test service")
wait_for_service("test service")
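Review bot: The winrs tests still route through `cmd.exe /C`, so the B602 finding is addressed in form only: cmd.exe takes everything after `/C` as a single line and re-parses it, which means `self.hostname` and `RUNAS_PATH` go through the shell parser exactly as they did with the old string form. `winrs` is an executable, so the list can invoke it directly, `["winrs", "/r:{}".format(self.hostname), "python", RUNAS_PATH]`; the same applies to all six `test_runas_*` hunks that use this pattern. In the two PowerShell-remoting tests the `-ScriptBlock` element `"{{ python.exe {} }}".format(RUNAS_PATH)` contains spaces, so `list2cmdline` will wrap it in double quotes and PowerShell now receives a quoted string instead of the bare brace token cmd.exe used to pass; whether parameter binding still yields a script block that runs python.exe, rather than a nested `{ ... }` literal, should be verified on Windows, because `assertEqual(ret, 1)` would also pass if the invocation failed for an unrelated reason. The two `exit $LASTEXITCODE` variants kept `shell=True  # nosec` instead, so the file now carries two conventions for the same remote call.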


@ -263,7 +263,7 @@ def gpg_agent_ids(value):
@pytest.fixture(params=(True, False), ids=gpg_agent_ids)
def gpg_agent(request, gpghome):
gpg_version_proc = subprocess.run(
gpg_version_proc = subprocess.run( # nosec
"gpgconf --version | head -n 1 | awk '{ print $3 }'",
shell=True,
stdout=subprocess.PIPE,
@ -308,7 +308,7 @@ def gpg_agent(request, gpghome):
echo_gpg_tty_cmd = "GPG_TTY=$(tty) ; export GPG_TTY ; echo $GPG_TTY=$(tty) > {}".format(
gpg_tty_info_path
)
subprocess.run(
subprocess.run( # nosec
"{}; {}".format(gpg_agent_cmd, echo_gpg_tty_cmd), shell=True, check=True
)
yield
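Review bot: The `# nosec` on the second `subprocess.run` blesses a shell string into which `gpg_tty_info_path` is interpolated unquoted as the redirection target, so a path containing spaces or shell metacharacters would break the command or redirect elsewhere; quote it where `echo_gpg_tty_cmd` is built, `.format(shlex.quote(gpg_tty_info_path))` (stdlib `shlex`). A shell is genuinely needed there for `$(tty)` and `export`, so the suppression itself is justified once the interpolated value is quoted. The first `# nosec` covers a pipeline that only extracts the third field of `gpgconf --version`; that can be done without a shell, e.g. `subprocess.run(["gpgconf", "--version"], stdout=subprocess.PIPE, check=True)` followed by `.stdout.decode().splitlines()[0].split()[2]`, which removes the need for that suppression altogether. The `gpg_agent` fixture continues past the hunk.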