wildcard-in-system-call¶
Ensure system calls do not use wildcards
When a shell command contains wildcard characters (such as *), the application may be insecure even though it is not vulnerable to os-command-injection. The shell expands the glob before the program starts, so every file name in the directory becomes a separate argument. If users can place files in that directory (for example through an upload feature), a file whose name begins with "-" is passed to the program as an extra argument and parsed as an option, which for tools such as tar, chown or rsync can change what the command does. Execution functions that do not invoke a shell (subprocess.Popen with an argument list and the default shell=False, or the os.spawn* family) hand the "*" to the program as a literal string, so no expansion takes place and this class of problem does not arise.
Examples¶
Insecure Example
import os
import subprocess

# Each call runs through /bin/sh, which expands "*" into the directory's
# file names before tar, chown or chmod ever sees them.
os.system("/bin/tar xvzf *")
os.system('/bin/chown *')
os.popen2('/bin/chmod *')  # Python 2 only; os.popen2 was removed in Python 3
subprocess.Popen('/bin/chown *', shell=True)
Secure Example
import os
import subprocess
import sys

# No shell is involved in any of these calls, so "*" is never expanded.
# Note: without shell=True a single string is taken as the path of the
# program to run, so the next two calls raise FileNotFoundError (there is no
# executable named "/bin/rsync *"); they are safe from globbing, not useful.
subprocess.Popen('/bin/rsync *')
subprocess.Popen("/bin/chmod *")
# Argument lists are passed to the program verbatim; "*" arrives as a literal.
subprocess.Popen(['/bin/chown', '*'])
subprocess.Popen(["/bin/chmod", sys.argv[1], "*"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
os.spawnvp(os.P_WAIT, 'tar', ['tar', 'xvzf', '*'])
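The following is an added example, not code from the original page, that makes the difference between the two lists observable. It creates a constructed sample directory containing an attacker-chosen file name that looks like a command-line option, then runs a harmless stand-in for the real command (a Python one-liner that reports the argv it received; the ARGV_ECHO helper is hypothetical) three ways: through a shell with "*", without a shell with a literal "*", and with the directory expanded in Python and each entry prefixed with "./" so that no file name can be parsed as an option.

```python
import json
import os
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path

# Stand-in for the real command (tar, chown, chmod, ...): it only reports the
# arguments it received, so running it with hostile file names is harmless.
# Hypothetical helper, added for this example.
ARGV_ECHO = "import sys, json; print(json.dumps(sys.argv[1:]))"


def make_workdir():
    """Constructed sample directory: two ordinary files plus one whose name
    an attacker chose so that a shell-expanded glob turns it into an option."""
    workdir = tempfile.mkdtemp()
    for name in ("report.txt", "data.csv", "--checkpoint-action=exec=sh"):
        Path(workdir, name).write_text("x")
    return workdir


def _run_and_parse(args, cwd, shell=False):
    """Run the stand-in command and return the argv it saw as a Python list."""
    result = subprocess.run(
        args, cwd=cwd, shell=shell, capture_output=True, text=True, check=True
    )
    return json.loads(result.stdout)


def argv_via_shell_glob(workdir):
    """shell=True: /bin/sh expands "*" before the program starts, so the
    attacker's file name becomes its own argument, indistinguishable from an
    option the caller intended."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(ARGV_ECHO)} *"
    return _run_and_parse(cmd, workdir, shell=True)


def argv_without_shell(workdir):
    """Argument list, no shell: "*" reaches the program as a literal string
    and nothing in the directory influences the command line."""
    return _run_and_parse([sys.executable, "-c", ARGV_ECHO, "*"], workdir)


def argv_safe_listing(workdir):
    """When the program really should process every file, expand the directory
    in Python and prefix each entry with "./" so no name can start with "-"."""
    files = ["./" + name for name in sorted(os.listdir(workdir))]
    return _run_and_parse([sys.executable, "-c", ARGV_ECHO, *files], workdir)


if __name__ == "__main__":
    d = make_workdir()
    print("shell glob   :", argv_via_shell_glob(d))
    print("no shell     :", argv_without_shell(d))
    print("safe listing :", argv_safe_listing(d))
```

The first call shows "--checkpoint-action=exec=sh" arriving as a separate argument, which is exactly what a real tar would interpret as an option; the second shows that dropping the shell removes the expansion entirely; the third is the pattern to use when the intent was "all files in this directory", since "./--checkpoint-action=exec=sh" is a path, never an option. Where a tool supports it, passing "--" before the file list achieves the same end-of-options effect.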