Usingbandit
for checking the code for vulnerability issues.
https://docs.openstack.org/bandit/1.4.0/plugins/start_process_with_a_shell.html
How to go about resolving this? Is there an alternative to using commands
library( i.e commands.getoutput
)? Please advise.
( python 2.7)
New to this security field, kindly update the tags if these aren't appropriate.
Here it says, https://github.com/openstack/bandit/blob/master/bandit/plugins/injection_shell.py#L62
commands.getoutput is vulnerable, but doesn't suggest a replacement! Ugh!
Could sombebody please recommend a solution to this. Thank you.
The only solution I have found is , marking tests which you know for sure to be false flags with the
--no-sec
flag. This will omit that particular test from bandit's checks/