shell argument leads to unnecessary privileges

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: python-security/subprocess-shell-true

Language: Python

Severity: Warning

Category: Security

CWE: 78

Description

Never invoke subprocess.Popen with shell = True leads to unnecessary privileges and access to the underlying execution runtime. Execution with shell = True should clearly be verified and checked for code in production.

Learn More

  • CWE-250 - Execution with Unnecessary Privileges
  • CWE-657 - Violation of Secure Design Principles

Non-Compliant Code Examples

import subprocess

def find_dogweb_packages():
    # setuptools.find_packages is too slow since it walks the entire codebase, including Javascript code.
    # This is an equivalent but optimized function, specific to our codebase, listing all the available
    # packages.

    # Look for __init__.py files using fast UNIX tools
    r = subprocess.Popen(
        "find %s -name '__init__.py'" % " ".join(MODULE_PATHS), shell=True, stdout=subprocess.PIPE
    ).stdout.read()
from subprocess import Popen
Popen('/bin/ls %s' % ('something',), shell=True)
import subprocess
subprocess.Popen('/bin/ls %s' % ('something',), shell=True)

Compliant Code Examples

subprocess.Popen('/bin/ls %s' % ('something',), shell=False)
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: rtrieu/product-analytics-ui-changes