Detect unsafe shell execution in the asyncio framework. When invoking the shell, make sure that any data passed to it is safe. Use shlex to sanitize user inputs before they reach the command line.
Non-Compliant Code Examples

```python
import asyncio

# async_loop (an event loop) and waiting_protocol (a SubprocessProtocol
# factory) are assumed to be defined elsewhere in the application.


def handler(event, context):
    # Should sanitize arguments
    async_loop.run_until_complete(
        async_loop.subprocess_exec(waiting_protocol, ["/bin/sh", "mycommand"])
    )
```
Compliant Code Examples
```python
import asyncio
import shlex

# async_loop (an event loop) and waiting_protocol (a SubprocessProtocol
# factory) are assumed to be defined elsewhere in the application.


def handler(event, context):
    # Should sanitize arguments
    async_loop.run_until_complete(
        async_loop.subprocess_exec(
            waiting_protocol, shlex.split(shlex.quote("/bin/sh mycommand"))
        )
    )
```
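As an added illustration (not the rule's own example code and not Datadog's), the following shows what shlex.quote changes when user-controlled data has to reach /bin/sh, and the argv form that avoids the shell entirely. The cat command, the UNTRUSTED_INPUT value and the helper names are constructed for this example.

```python
import asyncio
import shlex
import sys

# Constructed attacker-style input for this example: a filename with a
# shell command separator appended. Not taken from the rule page.
UNTRUSTED_INPUT = "report.txt; rm -rf /"


def build_shell_argv(user_value: str) -> list:
    """Build an argv that still goes through /bin/sh, with the untrusted
    value quoted so the shell treats it as a single word.

    shlex.quote() returns the value unchanged when it only contains
    shell-safe characters, and otherwise wraps it in single quotes
    (escaping any embedded single quotes).
    """
    command_line = "cat " + shlex.quote(user_value)
    return ["/bin/sh", "-c", command_line]


def build_exec_argv(user_value: str) -> list:
    """Preferred form: no shell at all. The untrusted value becomes exactly
    one argv element of the child process, so metacharacters are inert."""
    return ["cat", user_value]


def words_seen_by_shell(command_line: str) -> list:
    """Tokenise a command line with POSIX shell quoting rules, to show how
    many words the untrusted value ends up as. Note that shlex.split does
    not treat ';' as a command separator; a real shell would."""
    return shlex.split(command_line)


async def run_argv(argv: list) -> tuple:
    """Run argv without a shell via asyncio and return (returncode, stdout)."""
    proc = await asyncio.create_subprocess_exec(
        *argv, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.DEVNULL
    )
    out, _ = await proc.communicate()
    return proc.returncode, out.decode()


if __name__ == "__main__":
    # Unquoted: five tokens, and a real shell would run "rm -rf /" as a
    # second command after the ';'.
    print(words_seen_by_shell("cat " + UNTRUSTED_INPUT))
    # Quoted: two tokens; the whole value is one filename argument to cat.
    print(words_seen_by_shell(build_shell_argv(UNTRUSTED_INPUT)[2]))
    # Safest: run the program directly. The Python interpreter is used here
    # so the demonstration works without cat being present.
    rc, out = asyncio.run(run_argv([sys.executable, "-c", "print('no shell involved')"]))
    print(rc, out.strip())
```

The quoted form is the one the rule's shlex advice produces; the argv form is what to reach for whenever the command does not actually need shell features, because there is then no command line for the untrusted value to break out of.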
How to use this rule
```yaml
rulesets:
  - python-security # Rules to enforce Python security.
```
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines