[utilities_common] replace shell=True #2718
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: maipbui <maibui@microsoft.com>
qiluo-msft
reviewed
Mar 20, 2023
config/main.py
Outdated
| clicommon.run_command('hostname -F /etc/hostname', display_cmd=True) | ||
| clicommon.run_command(r'sed -i "/\s{}$/d" /etc/hosts'.format(current_hostname), display_cmd=True) | ||
| clicommon.run_command('echo "127.0.0.1 {}" >> /etc/hosts'.format(hostname), display_cmd=True) | ||
| with open('etc/hostname', 'w') as f: |
qiluo-msft
reviewed
Mar 20, 2023
config/main.py
Outdated
| f.write(str(hostname) + '\n') | ||
| clicommon.run_command(['hostname', '-F', '/etc/hostname'], display_cmd=True) | ||
| clicommon.run_command(['sed', '-i', "/\s{}$/d".format(current_hostname), '/etc/hosts'], display_cmd=True) | ||
| with open('etc/hosts', 'a') as f: |
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
qiluo-msft
reviewed
May 2, 2023
| @@ -1305,9 +1303,9 @@ def load(filename, yes): | |||
| return | |||
|
|
|||
| if namespace is None: | |||
| command = "{} -j {} --write-to-db".format(SONIC_CFGGEN_PATH, file) | |||
qiluo-msft
reviewed
May 2, 2023
config/main.py
Outdated
| # Ignore error for IPv6 configuration command due to it not allows config the same IP twice | ||
| clicommon.run_command(command, display_cmd=True, ignore_error=True) | ||
| command = "ip{} route add default via {} dev eth0 table default".format(" -6" if mgmt_conf.version == 6 else "", gw_addr) | ||
| command = ['ip{}'.format(" -6" if mgmt_conf.version == 6 else ""), 'route', 'add', 'default', 'via', str(gw_addr), 'dev', 'eth0', 'table', 'default'] |
qiluo-msft
reviewed
May 2, 2023
config/main.py
Outdated
| clicommon.run_command(command, display_cmd=True, ignore_error=True) | ||
| command = "ip{} rule add from {} table default".format(" -6" if mgmt_conf.version == 6 else "", str(mgmt_conf.ip)) | ||
| command = ['ip{}'.format(" -6" if mgmt_conf.version == 6 else ""), 'rule', 'add', 'from', str(mgmt_conf.ip), 'table', 'default'] |
qiluo-msft
reviewed
May 2, 2023
config/main.py
Outdated
| clicommon.run_command(command, display_cmd=True, ignore_error=True) | ||
| pid_cmd = ['cat', '/var/run/dhclient.eth0.pid'] | ||
| _, pid = getstatusoutput_noshell(pid_cmd) | ||
| cmd0 = ['[', '-f', '/var/run/dhclient.eth0.pid', ']'] |
qiluo-msft
reviewed
May 2, 2023
show/platform.py
Outdated
| cmd = "sudo ssdutil -d " + device | ||
| options = " -v" if verbose else "" | ||
| options += " -e" if vendor else "" | ||
| cmd = ['sudo', 'ssdutil', '-d', device] |
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
Signed-off-by: Mai Bui <maibui@microsoft.com>
10 tasks
qiluo-msft
reviewed
May 24, 2023
config/main.py
Outdated
|
|
||
|
|
||
| def _get_sonic_services(): | ||
| out, _ = clicommon.run_command("systemctl list-dependencies --plain sonic.target | sed '1d'", return_cmd=True) | ||
| cmd = "systemctl list-dependencies --plain sonic.target | sed '1d'" | ||
| out, _ = clicommon.run_command(cmd, return_cmd=True, shell=True) |
Signed-off-by: Mai Bui <maibui@microsoft.com>
qiluo-msft
previously approved these changes
May 25, 2023
Signed-off-by: Mai Bui <maibui@microsoft.com>
qiluo-msft
approved these changes
May 31, 2023
dprital
added a commit
to dprital/sonic-buildimage
that referenced
this pull request
Jun 5, 2023
Update sonic-utilities submodule pointer to include the following: * 5c9b2177 Fix issue: out of range sflow polling interval is accepted and stored in config_db ([sonic-net#2847](sonic-net/sonic-utilities#2847)) * 72ca4848 Add CLI configuration options for teamd retry count feature ([sonic-net#2642](sonic-net/sonic-utilities#2642)) * 359dfc0c [Clock] Implement clock CLI ([sonic-net#2793](sonic-net/sonic-utilities#2793)) * b316fc27 Add transceiver status CLI to show output from TRANSCEIVER_STATUS table ([sonic-net#2772](sonic-net/sonic-utilities#2772)) * dc59dbd2 Replace pickle by json ([sonic-net#2849](sonic-net/sonic-utilities#2849)) * a66f41c4 [show] replace shell=True, replace xml by lxml, replace exit by sys.exit ([sonic-net#2666](sonic-net/sonic-utilities#2666)) * 57500572 [utilities_common] replace shell=True ([sonic-net#2718](sonic-net/sonic-utilities#2718)) * 6e0ee3e7 [CRM][DASH] Extend CRM utility to support DASH resources. ([sonic-net#2800](sonic-net/sonic-utilities#2800)) * b2c29b0b [config] Generate sysinfo in single asic ([sonic-net#2856](sonic-net/sonic-utilities#2856)) Signed-off-by: dprital <drorp@nvidia.com>
10 tasks
StormLiangMS
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Jun 5, 2023
…nic-utilities submodule on master (#15193) Dependency: sonic-net/sonic-utilities#2718 Why I did it This PR sonic-net/sonic-utilities#2718 reduce shell=True usage in utilities_common.cli.run_command() function. Work item tracking Microsoft ADO (number only): 15022050 How I did it Replace strings commands using utilities_common.cli.run_command() function to list of strings due to circular dependency, advance sonic-utilities submodule 72ca4848 (HEAD -> master, upstream/master, upstream/HEAD) Add CLI configuration options for teamd retry count feature (sonic-net/sonic-utilities#2642) 359dfc0c [Clock] Implement clock CLI (sonic-net/sonic-utilities#2793) b316fc27 Add transceiver status CLI to show output from TRANSCEIVER_STATUS table (sonic-net/sonic-utilities#2772) dc59dbd2 Replace pickle by json (sonic-net/sonic-utilities#2849) a66f41c4 [show] replace shell=True, replace xml by lxml, replace exit by sys.exit (sonic-net/sonic-utilities#2666) 57500572 [utilities_common] replace shell=True (sonic-net/sonic-utilities#2718) 6e0ee3e7 [CRM][DASH] Extend CRM utility to support DASH resources. (sonic-net/sonic-utilities#2800) b2c29b0b [config] Generate sysinfo in single asic (sonic-net/sonic-utilities#2856)
pdhruv-marvell
pushed a commit
to pdhruv-marvell/sonic-utilities
that referenced
this pull request
Aug 23, 2023
#### What I did `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection. #### How I did it remove shell=True in utilities_common.cli.run_command() function. `subprocess()` - use `shell=False` instead, use list of strings Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation) #### How to verify it Pass UT Manual test Signed-off-by: Mai Bui <maibui@microsoft.com>
Merged
maipbui
added a commit
that referenced
this pull request
Sep 15, 2023
Resolves sonic-net/sonic-buildimage#16542 #### What I did Update str -> list[str] commands which were missed in #2718 #### How I did it #### How to verify it Pass UT. Manual test, issue resolved, tested in internal.79435802-3bbd91c86e version Signed-off-by: Mai Bui <maibui@microsoft.com>
yaqiangz
pushed a commit
to yaqiangz/sonic-utilities
that referenced
this pull request
Sep 20, 2023
Resolves sonic-net/sonic-buildimage#16542 Update str -> list[str] commands which were missed in sonic-net#2718 Pass UT. Manual test, issue resolved, tested in internal.79435802-3bbd91c86e version Signed-off-by: Mai Bui <maibui@microsoft.com>
This was referenced Sep 20, 2023
Closed
yaqiangz
added a commit
that referenced
this pull request
Sep 20, 2023
Why I did Use static str to run_command would encounter error because change in this PR: #2718. How I did it Change command from static str to list. How to verify it UT passed. Build whl and install in testbed. Signed-off-by: Yaqiang Zhu <yaqiangzhu@microsoft.com>
sonic-otn
pushed a commit
to sonic-otn/sonic-buildimage
that referenced
this pull request
Sep 20, 2023
…nic-utilities submodule on master (sonic-net#15193) Dependency: sonic-net/sonic-utilities#2718 Why I did it This PR sonic-net/sonic-utilities#2718 reduce shell=True usage in utilities_common.cli.run_command() function. Work item tracking Microsoft ADO (number only): 15022050 How I did it Replace strings commands using utilities_common.cli.run_command() function to list of strings due to circular dependency, advance sonic-utilities submodule 72ca4848 (HEAD -> master, upstream/master, upstream/HEAD) Add CLI configuration options for teamd retry count feature (sonic-net/sonic-utilities#2642) 359dfc0c [Clock] Implement clock CLI (sonic-net/sonic-utilities#2793) b316fc27 Add transceiver status CLI to show output from TRANSCEIVER_STATUS table (sonic-net/sonic-utilities#2772) dc59dbd2 Replace pickle by json (sonic-net/sonic-utilities#2849) a66f41c4 [show] replace shell=True, replace xml by lxml, replace exit by sys.exit (sonic-net/sonic-utilities#2666) 57500572 [utilities_common] replace shell=True (sonic-net/sonic-utilities#2718) 6e0ee3e7 [CRM][DASH] Extend CRM utility to support DASH resources. (sonic-net/sonic-utilities#2800) b2c29b0b [config] Generate sysinfo in single asic (sonic-net/sonic-utilities#2856)
StormLiangMS
pushed a commit
that referenced
this pull request
Sep 21, 2023
Why I did Use static str to run_command would encounter error because change in this PR: #2718. How I did it Change command from static str to list. How to verify it UT passed. Build whl and install in testbed. Signed-off-by: Yaqiang Zhu <yaqiangzhu@microsoft.com>
JunhongMao
pushed a commit
to JunhongMao/sonic-utilities
that referenced
this pull request
Oct 4, 2023
Resolves sonic-net/sonic-buildimage#16542 #### What I did Update str -> list[str] commands which were missed in sonic-net#2718 #### How I did it #### How to verify it Pass UT. Manual test, issue resolved, tested in internal.79435802-3bbd91c86e version Signed-off-by: Mai Bui <maibui@microsoft.com>
JunhongMao
pushed a commit
to JunhongMao/sonic-utilities
that referenced
this pull request
Oct 4, 2023
Why I did Use static str to run_command would encounter error because change in this PR: sonic-net#2718. How I did it Change command from static str to list. How to verify it UT passed. Build whl and install in testbed. Signed-off-by: Yaqiang Zhu <yaqiangzhu@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What I did
subprocess()- when using withshell=Trueis dangerous. Using subprocess function without a static string can lead to command injection.How I did it
remove shell=True in utilities_common.cli.run_command() function.
subprocess()- useshell=Falseinstead, use list of strings Ref: https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigationHow to verify it
Pass UT
Manual test
Previous command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)