diff --git a/.bandit b/.bandit index b08dfb286a7..fb3580af570 100644 --- a/.bandit +++ b/.bandit @@ -1,3 +1,3 @@ [bandit] -exclude: salt/ext/tornado/* +exclude: salt/ext/tornado/*,tests/minionswarm.py skip: B701 diff --git a/tests/integration/states/test_file.py b/tests/integration/states/test_file.py index ef5186ad73d..7cebcb2f756 100644 --- a/tests/integration/states/test_file.py +++ b/tests/integration/states/test_file.py @@ -2644,16 +2644,12 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin): result = self.run_function("state.sls", mods="issue-8947") if not isinstance(result, dict): raise AssertionError( - ( - "Something went really wrong while testing this sls:" " {}" - ).format(repr(result)) + "Something went really wrong while testing this sls: {!r}".format( + result + ) ) - # difflib produces different output on python 2.6 than on >=2.7 - if sys.version_info < (2, 7): - diff = "--- \n+++ \n@@ -1,1 +1,3 @@\n" - else: - diff = "--- \n+++ \n@@ -1 +1,3 @@\n" - diff += ("+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}").format(os.linesep) + diff = "--- \n+++ \n@@ -1 +1,3 @@\n" + diff += "+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}".format(os.linesep) ret = {x.split("_|-")[1]: y for x, y in result.items()} @@ -2676,18 +2672,16 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin): import subprocess import win32api - p = subprocess.Popen( - salt.utils.stringutils.to_str( - "type {}".format(win32api.GetShortPathName(test_file)) - ), - shell=True, + proc = subprocess.run( + ["type", win32api.GetShortPathName(test_file)], stdout=subprocess.PIPE, stderr=subprocess.PIPE, + check=True, + # type is an shell internal command + shell=True, # nosec ) - p.poll() - out = p.stdout.read() self.assertEqual( - out.decode("utf-8"), + proc.stdout.decode("utf-8"), os.linesep.join((korean_2, korean_1, korean_3)) + os.linesep, ) else: diff --git a/tests/integration/utils/test_smb.py b/tests/integration/utils/test_smb.py index ed6e758d876..ab92daff1c9 100644 --- a/tests/integration/utils/test_smb.py 
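Review bot: Adding `tests/minionswarm.py` to `exclude` takes the whole file out of Bandit scanning, so a finding introduced there later is never reported. The other files in this commit handle the same class of finding with per-line `# nosec` markers; doing that in minionswarm.py too would limit the suppression to the calls that were actually reviewed. If the file-level exclusion stays, record why above the `exclude` line, e.g. `# tests/minionswarm.py: <reason for exemption>`.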
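Review bot: The new line `diff += "+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}".format(os.linesep)` reads as if `.format` applied only to the last literal. Adjacent literals are joined before the method call, so the result is unchanged, but with the parentheses gone that is no longer visible; a single literal states it directly: `diff += "+첫 번째 행{0} 한국어 시험{0}+마지막 행{0}".format(os.linesep)`. With the `sys.version_info` branch removed, it is also worth checking whether `import sys` is still needed in this module; the import block is outside the hunk.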
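Review bot: `shell=True` is kept on the new `subprocess.run` call, and on Windows Python joins the argument list back into a single command line for cmd.exe, so the list form gives no argument isolation; the comment should say so, e.g. `# "type" is a cmd.exe built-in, so shell=True is required; the list is re-joined into one cmd.exe command line`. The path comes from `win32api.GetShortPathName(test_file)` inside the test, so exposure is low, but the bare `# nosec` silences every Bandit check on the line; `# nosec B602` would limit it to the shell finding, assuming the Bandit version in use accepts rule ids there. The same bare marker is added in the test_win_runas.py hunks at old lines 552 and 577 and in both test_rpmbuild_pkgbuild.py hunks. The existing comment also has a typo ("an shell internal command").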
+++ b/tests/integration/utils/test_smb.py @@ -106,9 +106,7 @@ class TestSmb(TestCase): user=cls.username, ) ) - cls._smbd = subprocess.Popen( - "{} -FS -P0 -s {}".format(which_smbd(), samba_conf), shell=True - ) + cls._smbd = subprocess.Popen([which_smbd(), "-FS", "-P0", "-s", samba_conf]) time.sleep(1) pidfile = os.path.join(cls.samba_dir, "smbd.pid") with salt.utils.files.fopen(pidfile, "r") as fp: diff --git a/tests/integration/utils/test_win_runas.py b/tests/integration/utils/test_win_runas.py index c0fc249b615..1f02f4691be 100644 --- a/tests/integration/utils/test_win_runas.py +++ b/tests/integration/utils/test_win_runas.py @@ -357,8 +357,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 1) @@ -379,8 +385,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 1) @@ -406,8 +418,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 0) 
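Review bot: Dropping `shell=True` while keeping `"cmd.exe", "/C"` at the head of the list leaves a shell in the path: cmd.exe still parses everything after `/C`, so `self.hostname` and `RUNAS_PATH` get the same metacharacter handling as before and only the Bandit finding goes away. If `winrs` resolves as an executable on the test host, calling it directly removes the extra shell: `["winrs", "/r:{}".format(self.hostname), "python", RUNAS_PATH]`. The identical list is repeated in the six following hunks of this file (old lines 379, 406, 432, 448, 464 and 480); a small module-level helper that returns the argv would keep them in step. The enclosing test methods start outside the hunks.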
@@ -432,8 +450,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 0) @@ -448,8 +472,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 0) @@ -464,8 +494,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 1) @@ -480,8 +516,14 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) ret = subprocess.call( - "cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), - shell=True, + [ + "cmd.exe", + "/C", + "winrs", + "/r:{}".format(self.hostname), + "python", + RUNAS_PATH, + ] ) self.assertEqual(ret, 1) @@ -489,7 +531,6 @@ class RunAsTest(ModuleCase): "test-runas", on_existing="delete", delete=True, password=PASSWORD ) def test_runas_powershell_remoting(self, username): - psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}" runaspy = textwrap.dedent( """ import sys 
@@ -503,15 +544,22 @@ class RunAsTest(ModuleCase): ) with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) + ret = subprocess.call( + [ + "powershell", + "Invoke-Command", + "-ComputerName", + self.hostname, + "-ScriptBlock", + "{{ python.exe {} }}".format(RUNAS_PATH), + ] + ) self.assertEqual(ret, 1) @with_system_user( "test-runas", on_existing="delete", delete=True, password=PASSWORD ) def test_runas_powershell_remoting_no_pass(self, username): - psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}" runaspy = textwrap.dedent( """ import sys @@ -524,8 +572,16 @@ class RunAsTest(ModuleCase): ) with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) + ret = subprocess.call( + [ + "powershell", + "Invoke-Command", + "-ComputerName", + self.hostname, + "-ScriptBlock", + "{{ python.exe {} }}".format(RUNAS_PATH), + ] + ) self.assertEqual(ret, 1) @with_system_user( @@ -552,7 +608,7 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH) - ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) + ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec self.assertEqual(ret, 0) @with_system_user( @@ -577,7 +633,7 @@ class RunAsTest(ModuleCase): with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: fp.write(runaspy) cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH) - ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) + ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec self.assertEqual(ret, 0) @with_system_user( 
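Review bot: `"{{ python.exe {} }}".format(RUNAS_PATH)` still builds PowerShell source by string formatting, so the list form removes only the cmd.exe layer; PowerShell parses the script block text, and a `RUNAS_PATH` containing spaces or PowerShell metacharacters would change what runs. Quoting the path inside the block narrows that: `"{{ python.exe '{}' }}".format(RUNAS_PATH)` (this still assumes the path holds no single quote). A one-line comment above the list saying that the last element is PowerShell code, not a plain argument, would help the next reader. The same construction is added in the next hunk (old line 524), and this hunk spans the end of one test method and the start of the next.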
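Review bot: The `subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True)  # nosec` line keeps the shell-string form that the two sibling remoting tests were just converted away from, and the marker gives no reason for the difference. Neither `;` nor `$LASTEXITCODE` should need cmd.exe, so the list form looks applicable here as well: `["powershell", "Invoke-Command", "-ComputerName", self.hostname, "-ScriptBlock", "{{ {} }}".format(cmd)]`. If there is a reason it does not work, state it in a comment on the line above the call. The same applies to the next hunk (old line 577); `psrp_wrap` is defined outside both hunks.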
@@ -590,8 +646,7 @@ class RunAsTest(ModuleCase): runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD) with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(cmd, shell=True) + ret = subprocess.call(["python.exe", RUNAS_PATH]) self.assertEqual(ret, 0) win32serviceutil.StartService("test service") wait_for_service("test service") @@ -609,8 +664,7 @@ class RunAsTest(ModuleCase): runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "") with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(cmd, shell=True) + ret = subprocess.call(["python.exe", RUNAS_PATH]) self.assertEqual(ret, 0) win32serviceutil.StartService("test service") wait_for_service("test service") @@ -632,8 +686,7 @@ class RunAsTest(ModuleCase): runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD) with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(cmd, shell=True) + ret = subprocess.call(["python.exe", RUNAS_PATH]) self.assertEqual(ret, 0) win32serviceutil.StartService("test service") wait_for_service("test service") @@ -655,8 +708,7 @@ class RunAsTest(ModuleCase): runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "") with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(cmd, shell=True) + ret = subprocess.call(["python.exe", RUNAS_PATH]) self.assertEqual(ret, 0) win32serviceutil.StartService("test service") wait_for_service("test service") 
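Review bot: `subprocess.call(["python.exe", RUNAS_PATH])` resolves `python.exe` through PATH, so the script that installs the test service may run under a different interpreter than the one running the test suite. Pinning it with `subprocess.call([sys.executable, RUNAS_PATH])` removes the PATH lookup, provided `sys` is imported at module level (the import block is not visible here). The same line is added in the hunks at old lines 609, 632, 655 and 671. The enclosing test methods start outside the hunks.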
@@ -671,8 +723,7 @@ class RunAsTest(ModuleCase): runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), "SYSTEM", "") with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: fp.write(runaspy) - cmd = "python.exe {}".format(RUNAS_PATH) - ret = subprocess.call(cmd, shell=True) + ret = subprocess.call(["python.exe", RUNAS_PATH]) self.assertEqual(ret, 0) win32serviceutil.StartService("test service") wait_for_service("test service") diff --git a/tests/pytests/integration/modules/test_rpmbuild_pkgbuild.py b/tests/pytests/integration/modules/test_rpmbuild_pkgbuild.py index d431d7ad9cb..b4d47c9d0b1 100644 --- a/tests/pytests/integration/modules/test_rpmbuild_pkgbuild.py +++ b/tests/pytests/integration/modules/test_rpmbuild_pkgbuild.py @@ -263,7 +263,7 @@ def gpg_agent_ids(value): @pytest.fixture(params=(True, False), ids=gpg_agent_ids) def gpg_agent(request, gpghome): - gpg_version_proc = subprocess.run( + gpg_version_proc = subprocess.run( # nosec "gpgconf --version | head -n 1 | awk '{ print $3 }'", shell=True, stdout=subprocess.PIPE, @@ -308,7 +308,7 @@ def gpg_agent(request, gpghome): echo_gpg_tty_cmd = "GPG_TTY=$(tty) ; export GPG_TTY ; echo $GPG_TTY=$(tty) > {}".format( gpg_tty_info_path ) - subprocess.run( + subprocess.run( # nosec "{}; {}".format(gpg_agent_cmd, echo_gpg_tty_cmd), shell=True, check=True ) yield
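Review bot: The `# nosec` on `gpg_version_proc = subprocess.run(` keeps a shell pipeline whose only job is to pick one field out of `gpgconf --version`. The command string is a constant, so there is no injection path, but running `["gpgconf", "--version"]` without a shell and taking the third whitespace-separated field of the first output line in Python would remove both the suppression and the dependency on `head` and `awk`. If the pipeline stays, a comment on the line above the call should say that the command is a fixed string. The rest of the `gpg_agent` fixture is outside the hunk.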
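Review bot: The second `# nosec` covers a command assembled with `"{}; {}".format(gpg_agent_cmd, echo_gpg_tty_cmd)`, and `echo_gpg_tty_cmd` interpolates `gpg_tty_info_path` into the shell string unquoted. A temporary path containing a space or a shell metacharacter would break or alter the command, so the suppression is easier to defend if the path is quoted first: `.format(shlex.quote(str(gpg_tty_info_path)))`, which needs `shlex` imported at the top of the module. `gpg_agent_cmd` is built outside the hunk, so whether it needs the same treatment cannot be judged from here.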