Module: check_mk
Branch: master
Commit: a31a0d9796ac65816f98052290e18528174a9900
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a31a0d9796ac65…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Sat Oct 8 14:13:42 2016 +0200
Cleaned up subprocess calls
Calls to subprocess.Popen() must be treated carefully:
a) Try to avoid shell=True. In case a shell is invoked and someone
is able to add user input, for example in case a validation of
user input is not sufficient, the user is able to inject commands.
b) Removing shell=True also saves performance (not spawning a shell)
c) Use close_fds=True to prevent file descriptor leaks or accidentially
closed file descriptors.
Same applies to os.popen() and os.system() calls which have not been
checked nor cleaned up yet.
---
bin/mkbackup | 4 +-
bin/mkeventd | 21 +++++------
modules/automation.py | 7 +++-
modules/check_mk.py | 87 +++++++++++++++++++++++++------------------
modules/notify.py | 14 ++++---
modules/snmp.py | 10 +++--
web/htdocs/backup.py | 2 +-
web/htdocs/crash_reporting.py | 4 +-
web/htdocs/multitar.py | 3 +-
web/htdocs/notify.py | 2 +-
web/htdocs/wato.py | 17 +++++----
11 files changed, 100 insertions(+), 71 deletions(-)
Diff:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a31a0d9796…