Address Bandit's B602(subprocess_popen_with_shell_equals_true) on the test suite

Pedro Algarvio 2021-01-28 09:22:18 +00:00 committed by Megan Wilhite
parent fd9f9e94f8
commit dc131a9369
5 changed files with 98 additions and 55 deletions


@ -1,3 +1,3 @@
[bandit] [bandit]
exclude: salt/ext/tornado/* exclude: salt/ext/tornado/*,tests/minionswarm.py
skip: B701 skip: B701
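Review bot: Adding `tests/minionswarm.py` to `exclude` takes the whole file out of Bandit's scan, so every check is silenced there rather than only the B602 finding this commit targets. The other test files in this commit handle it per call with `# nosec`; doing the same in that file, with a one-line reason next to each marker, would keep the remaining checks active. The file itself is not part of this diff, so whether its calls can be converted to list form is not visible here.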


@ -2644,16 +2644,12 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin):
result = self.run_function("state.sls", mods="issue-8947") result = self.run_function("state.sls", mods="issue-8947")
if not isinstance(result, dict): if not isinstance(result, dict):
raise AssertionError( raise AssertionError(
( "Something went really wrong while testing this sls: {!r}".format(
"Something went really wrong while testing this sls:" " {}" result
).format(repr(result)) )
) )
# difflib produces different output on python 2.6 than on >=2.7 diff = "--- \n+++ \n@@ -1 +1,3 @@\n"
if sys.version_info < (2, 7): diff += "+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}".format(os.linesep)
diff = "--- \n+++ \n@@ -1,1 +1,3 @@\n"
else:
diff = "--- \n+++ \n@@ -1 +1,3 @@\n"
diff += ("+첫 번째 행{0}" " 한국어 시험{0}" "+마지막 행{0}").format(os.linesep)
ret = {x.split("_|-")[1]: y for x, y in result.items()} ret = {x.split("_|-")[1]: y for x, y in result.items()}
@ -2676,18 +2672,16 @@ class FileTest(ModuleCase, SaltReturnAssertsMixin):
import subprocess import subprocess
import win32api import win32api
p = subprocess.Popen( proc = subprocess.run(
salt.utils.stringutils.to_str( ["type", win32api.GetShortPathName(test_file)],
"type {}".format(win32api.GetShortPathName(test_file))
),
shell=True,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
check=True,
# type is an shell internal command
shell=True, # nosec
) )
p.poll()
out = p.stdout.read()
self.assertEqual( self.assertEqual(
out.decode("utf-8"), proc.stdout.decode("utf-8"),
os.linesep.join((korean_2, korean_1, korean_3)) + os.linesep, os.linesep.join((korean_2, korean_1, korean_3)) + os.linesep,
) )
else: else:
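Review bot: Passing a list together with `shell=True` at the `subprocess.run(["type", ...])` call does not keep the path away from the shell: on Windows the list is joined into a single command line and handed to the command interpreter, and that joining quotes for the C runtime's argument parser, not for cmd.exe. Keeping the shell is justified because `type` is a cmd built-in, and `test_file` appears to be a path the test itself creates, but the marker should record both facts, e.g. `# type is a shell builtin and test_file is created by this test  # nosec`. The existing comment also reads "an shell". The enclosing test method starts and ends outside the hunk.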


@ -106,9 +106,7 @@ class TestSmb(TestCase):
user=cls.username, user=cls.username,
) )
) )
cls._smbd = subprocess.Popen( cls._smbd = subprocess.Popen([which_smbd(), "-FS", "-P0", "-s", samba_conf])
"{} -FS -P0 -s {}".format(which_smbd(), samba_conf), shell=True
)
time.sleep(1) time.sleep(1)
pidfile = os.path.join(cls.samba_dir, "smbd.pid") pidfile = os.path.join(cls.samba_dir, "smbd.pid")
with salt.utils.files.fopen(pidfile, "r") as fp: with salt.utils.files.fopen(pidfile, "r") as fp:


@ -357,8 +357,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@ -379,8 +385,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@ -406,8 +418,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
@ -432,8 +450,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
@ -448,8 +472,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
@ -464,8 +494,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@ -480,8 +516,14 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
ret = subprocess.call( ret = subprocess.call(
"cmd.exe /C winrs /r:{} python {}".format(self.hostname, RUNAS_PATH), [
shell=True, "cmd.exe",
"/C",
"winrs",
"/r:{}".format(self.hostname),
"python",
RUNAS_PATH,
]
) )
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@ -489,7 +531,6 @@ class RunAsTest(ModuleCase):
"test-runas", on_existing="delete", delete=True, password=PASSWORD "test-runas", on_existing="delete", delete=True, password=PASSWORD
) )
def test_runas_powershell_remoting(self, username): def test_runas_powershell_remoting(self, username):
psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}"
runaspy = textwrap.dedent( runaspy = textwrap.dedent(
""" """
import sys import sys
@ -503,15 +544,22 @@ class RunAsTest(ModuleCase):
) )
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) [
"powershell",
"Invoke-Command",
"-ComputerName",
self.hostname,
"-ScriptBlock",
"{{ python.exe {} }}".format(RUNAS_PATH),
]
)
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@with_system_user( @with_system_user(
"test-runas", on_existing="delete", delete=True, password=PASSWORD "test-runas", on_existing="delete", delete=True, password=PASSWORD
) )
def test_runas_powershell_remoting_no_pass(self, username): def test_runas_powershell_remoting_no_pass(self, username):
psrp_wrap = "powershell Invoke-Command -ComputerName {} -ScriptBlock {{ {} }}"
runaspy = textwrap.dedent( runaspy = textwrap.dedent(
""" """
import sys import sys
@ -524,8 +572,16 @@ class RunAsTest(ModuleCase):
) )
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) [
"powershell",
"Invoke-Command",
"-ComputerName",
self.hostname,
"-ScriptBlock",
"{{ python.exe {} }}".format(RUNAS_PATH),
]
)
self.assertEqual(ret, 1) self.assertEqual(ret, 1)
@with_system_user( @with_system_user(
@ -552,7 +608,7 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH) cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
@with_system_user( @with_system_user(
@ -577,7 +633,7 @@ class RunAsTest(ModuleCase):
with salt.utils.files.fopen(RUNAS_PATH, "w") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH) cmd = "python.exe {}; exit $LASTEXITCODE".format(RUNAS_PATH)
ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) ret = subprocess.call(psrp_wrap.format(self.hostname, cmd), shell=True) # nosec
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
@with_system_user( @with_system_user(
@ -590,8 +646,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD) runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD)
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(["python.exe", RUNAS_PATH])
ret = subprocess.call(cmd, shell=True)
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
win32serviceutil.StartService("test service") win32serviceutil.StartService("test service")
wait_for_service("test service") wait_for_service("test service")
@ -609,8 +664,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "") runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(["python.exe", RUNAS_PATH])
ret = subprocess.call(cmd, shell=True)
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
win32serviceutil.StartService("test service") win32serviceutil.StartService("test service")
wait_for_service("test service") wait_for_service("test service")
@ -632,8 +686,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD) runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, PASSWORD)
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(["python.exe", RUNAS_PATH])
ret = subprocess.call(cmd, shell=True)
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
win32serviceutil.StartService("test service") win32serviceutil.StartService("test service")
wait_for_service("test service") wait_for_service("test service")
@ -655,8 +708,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "") runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), username, "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(["python.exe", RUNAS_PATH])
ret = subprocess.call(cmd, shell=True)
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
win32serviceutil.StartService("test service") win32serviceutil.StartService("test service")
wait_for_service("test service") wait_for_service("test service")
@ -671,8 +723,7 @@ class RunAsTest(ModuleCase):
runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), "SYSTEM", "") runaspy = SERVICE_SOURCE.format(repr(RUNAS_OUT), "SYSTEM", "")
with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp: with salt.utils.files.fopen(RUNAS_PATH, "w", encoding="utf-8") as fp:
fp.write(runaspy) fp.write(runaspy)
cmd = "python.exe {}".format(RUNAS_PATH) ret = subprocess.call(["python.exe", RUNAS_PATH])
ret = subprocess.call(cmd, shell=True)
self.assertEqual(ret, 0) self.assertEqual(ret, 0)
win32serviceutil.StartService("test service") win32serviceutil.StartService("test service")
wait_for_service("test service") wait_for_service("test service")
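Review bot: The seven `winrs` calls still put `cmd.exe /C` at the front of the list, so the rest of the command line is re-parsed by cmd.exe even though `shell=True` is gone; Bandit stops reporting B602, but `self.hostname` and `RUNAS_PATH` are not isolated from the interpreter. If `winrs` resolves as an executable on the test hosts, calling it directly is simpler: `["winrs", "/r:{}".format(self.hostname), "python", RUNAS_PATH]`. The same holds for the two converted `powershell Invoke-Command` calls, where the `-ScriptBlock` text is still parsed by PowerShell, and the two calls that keep `shell=True` carry a bare `# nosec` with no reason given. The test methods start and end outside these hunks.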


@ -263,7 +263,7 @@ def gpg_agent_ids(value):
@pytest.fixture(params=(True, False), ids=gpg_agent_ids) @pytest.fixture(params=(True, False), ids=gpg_agent_ids)
def gpg_agent(request, gpghome): def gpg_agent(request, gpghome):
gpg_version_proc = subprocess.run( gpg_version_proc = subprocess.run( # nosec
"gpgconf --version | head -n 1 | awk '{ print $3 }'", "gpgconf --version | head -n 1 | awk '{ print $3 }'",
shell=True, shell=True,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
@ -308,7 +308,7 @@ def gpg_agent(request, gpghome):
echo_gpg_tty_cmd = "GPG_TTY=$(tty) ; export GPG_TTY ; echo $GPG_TTY=$(tty) > {}".format( echo_gpg_tty_cmd = "GPG_TTY=$(tty) ; export GPG_TTY ; echo $GPG_TTY=$(tty) > {}".format(
gpg_tty_info_path gpg_tty_info_path
) )
subprocess.run( subprocess.run( # nosec
"{}; {}".format(gpg_agent_cmd, echo_gpg_tty_cmd), shell=True, check=True "{}; {}".format(gpg_agent_cmd, echo_gpg_tty_cmd), shell=True, check=True
) )
yield yield
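Review bot: The `# nosec` on the second `subprocess.run` in `gpg_agent` silences the finding for a command string that has `gpg_tty_info_path` (and whatever `gpg_agent_cmd` holds, which is built outside the hunk) formatted into it unquoted, so a temporary path containing a space or a shell metacharacter changes what the shell runs. Quote the interpolated value, e.g. `.format(shlex.quote(str(gpg_tty_info_path)))`, which needs `shlex` imported if the module does not already have it, and put a short reason next to each `# nosec`. The first call is a constant pipeline and could drop the shell by running `["gpgconf", "--version"]` and taking the third field of the first output line in Python. `gpg_agent` starts before and continues after these hunks.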