[device/celestica] Mitigation for command injection vulnerability #11740
Conversation
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
maipbui
changed the title
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request introduces 1 alert and fixes 6 when merging c24eec3 into a66941a - view on LGTM.com new alerts:
fixed alerts:
|
Signed-off-by: maipbui <maibui@microsoft.com>
device/celestica/x86_64-cel_e1031-r0/sonic_platform/component.py
Outdated
Show resolved
Hide resolved
device/celestica/x86_64-cel_e1031-r0/sonic_platform/component.py
Outdated
Show resolved
Hide resolved
device/celestica/x86_64-cel_silverstone-r0/sonic_platform/psu.py
Outdated
Show resolved
Hide resolved
Signed-off-by: maipbui <maibui@microsoft.com>
Seems this function is not used. Please remove. Refers to: device/celestica/x86_64-cel_e1031-r0/sonic_platform/common.py:226 in ca56944. [](commit_id = ca56944, deletion_comment = False) |
Seems this function is not used. Please remove. Refers to: device/celestica/x86_64-cel_e1031-r0/sonic_platform/common.py:281 in ca56944. [](commit_id = ca56944, deletion_comment = False) |
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request introduces 7 alerts and fixes 6 when merging dada9ae into fdd9130 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request introduces 5 alerts and fixes 6 when merging 91781fe into fdd9130 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request introduces 1 alert and fixes 6 when merging 6647f81 into fdd9130 - view on LGTM.com new alerts:
fixed alerts:
|
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request introduces 1 alert and fixes 12 when merging a7b8055 into 1b5d07f - view on LGTM.com new alerts:
fixed alerts:
|
device/celestica/x86_64-cel_silverstone-r0/sonic_platform/helper.py
Outdated
Show resolved
Hide resolved
|
This pull request introduces 1 alert and fixes 13 when merging 65b4300 into fd6a1b0 - view on LGTM.com new alerts:
fixed alerts:
|
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request introduces 1 alert and fixes 13 when merging 0ce54ef into fd6a1b0 - view on LGTM.com new alerts:
fixed alerts:
|
|
This pull request fixes 13 alerts when merging a971633 into 1f0699f - view on LGTM.com fixed alerts:
|
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request fixes 13 alerts when merging 92147d7 into 1073a47 - view on LGTM.com fixed alerts:
|
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
@Blueve is connecting with Celestica reviewers. |
|
Celestica team acked to review, ETA: By Dec 11 |
| @@ -195,7 +185,7 @@ def write_txt_file(self, file_path, value): | |||
| return True | |||
|
|
|||
| def is_host(self): | |||
| return os.system(self.HOST_CHK_CMD) == 0 | |||
| return subprocess.call(self.HOST_CHK_CMD) == 0 | |||
There was a problem hiding this comment.
If use subprocess.call, need to suppress stdout/stderr and handle docker command not found exception.
The following example codes work in both host and docker mode.
def is_host():
try:
subprocess.call(HOST_CHK_CMD, stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL)
except FileNotFoundError:
return False
return TrueThere was a problem hiding this comment.
I think os.system is equivalent with subprocess.call without specifying stdout and stderr to DEVNULL. Ref: https://docs.python.org/3/library/subprocess.html#replacing-os-system
There was a problem hiding this comment.
I got what you meant, I will change per your suggestion
There was a problem hiding this comment.
I think os.system is equivalent with subprocess.call without specifying stdout and stderr to DEVNULL. Ref: https://docs.python.org/3/library/subprocess.html#replacing-os-system
Yes, no essential differences between the two functions, but HOST_CHK_CMD had been changed from "docker > /dev/null 2>&1" to ["docker"], so there is no way to suppress the 'docker' command output any more in host mode. And handling the FileNotFoundError exception is also necessary for docker mode.
There was a problem hiding this comment.
Fixed. Could you review and approve? Thank you!
| @@ -15,7 +15,7 @@ def __init__(self): | |||
| (self.platform, self.hwsku) = device_info.get_platform_and_hwsku() | |||
|
|
|||
| def is_host(self): | |||
| return os.system(HOST_CHK_CMD) == 0 | |||
| return subprocess.call(HOST_CHK_CMD) == 0 | |||
There was a problem hiding this comment.
Please consider changing the is_host function implementation as suggested above.
| @@ -13,7 +14,7 @@ def __init__(self): | |||
| pass | |||
|
|
|||
| def is_host(self): | |||
| return os.system(HOST_CHK_CMD) == 0 | |||
| return subprocess.call(HOST_CHK_CMD) == 0 | |||
There was a problem hiding this comment.
Please consider changing the is_host function implementation as suggested above.
| @@ -270,7 +269,7 @@ def __convert_string_to_num(self, value_str): | |||
| return 'N/A' | |||
|
|
|||
| def __is_host(self): | |||
| return os.system(self.HOST_CHK_CMD) == 0 | |||
| return subprocess.call(self.HOST_CHK_CMD) == 0 | |||
There was a problem hiding this comment.
Please consider changing the is_host function implementation as suggested above.
| @@ -166,7 +167,7 @@ def write_txt_file(self, file_path, value): | |||
| return True | |||
|
|
|||
| def is_host(self): | |||
| return os.system(self.HOST_CHK_CMD) == 0 | |||
| return subprocess.call(self.HOST_CHK_CMD) == 0 | |||
There was a problem hiding this comment.
Please consider changing the is_host function implementation as suggested above.
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
|
This pull request fixes 13 alerts when merging 34991a5 into d993444 - view on LGTM.com fixed alerts:
Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog. |
Signed-off-by: maipbui maibui@microsoft.com
Dependency: PR (#12065) needs to merge first.
Why I did it
eval()- not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.subprocess()- when using withshell=Trueis dangerous. Using subprocess function without a static string can lead to command injection.os- not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.isoperator - string comparison should not be used with reference equality.globals()- extremely dangerous because it may allow an attacker to execute arbitrary code on the systemHow I did it
eval()- useliteral_eval()subprocess()- useshell=Falseinstead. use an array string. Ref: https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigationos- use withsubprocessis- replace by==operator for value equalityglobals()- avoid the use of globals()How to verify it
Which release branch to backport (provide reason below if selected)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)