Skip to content

wildcard-in-system-call

Ensure system calls do not use wildcards

When executing shell commands that contains wildcard characters (such as *), even though the application may not be vulnerable to os-command-injection, it may be insecure as the glob may end up matching user controlled file names (if upload to a directory is allowed). Some variants of OS command execution functions will sanitize or otherwise render such globbing match safer.

Examples

Insecure Example

import os
import subprocess
os.system("/bin/tar xvzf *")
os.system('/bin/chown *')
os.popen2('/bin/chmod *')
subprocess.Popen('/bin/chown *', shell=True)

Secure Example

import os
import subprocess
subprocess.Popen('/bin/rsync *')
subprocess.Popen("/bin/chmod *")
subprocess.Popen(['/bin/chown', '*'])
subprocess.Popen(["/bin/chmod", sys.argv[1], "*"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
os.spawnvp(os.P_WAIT, 'tar', ['tar', 'xvzf', '*'])