Comments (2)
lieryan
commented on June 27, 2024
1
Python's subprocesses.Popen() (and all the other convenience methods in the standard library that internally uses it as well as the low-level function calls to exec/spawn processes in os) in the standard library all do have support for spawning subprocesses using a list and in fact the list argument is the recommended way to spawn subprocesses, if you have to spawn subprocesses. The list argument is also necessary to call a multi-call binary (e.g. busybox) which is basically impossible to use in invoke. Using a shell to spawn subprocesses is a major security risk (and also it's bad for performance) and context.run() basically forces you to write insecure tasks.
Many security scanners such as bandit would flag use of subprocesses with the shell/string argument as high security risk. Using context.run() somewhat bypasses the scanners that don't recognise the invoke library, but all of the security risk is pretty much still there, and in fact, worse, since there isn't any way to actually do anything safely with context.run().
I'm actually rather surprised by the complete lack of consideration to do any sort of secure coding in invoke.run(). While there are many use case of invoke where shell security may not be important, there is not even any way for people who need to call subprocesses with semi/untrusted data using context.run().
from invoke.
Related Issues (20)
- 2.2.0: sphinx warnings `reference target not found`
- Document adding print-completion-script to venv
- MockContext does not honor "warn=False" which is the default behaviour
- Load project level configuration files earlier
- sdist is missing tox.ini
- `dev-requirements.txt` is missing `spec`
- Possible third option
- Autocomplete after `inv --help` doesn't work as expected
- Support for arm64 architecture? HOT 2
- clint issues and project seems abandoned HOT 2
- getargspec deprecated in Python 3.0 - now gone HOT 2
- loader.py: Wrong directory inserted into sys.path for modules HOT 1
- Change default shell without a config file or Context? HOT 3
- Task decorator removes docstring HOT 1
- Run tasks relative to `tasks.py` HOT 2
- How to manually set short flags? HOT 1
- Specify a config file per Collection... possible?
- Collection mix-up when cross importing invoke tasks
- Running post tasks even if the main task fail
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from invoke.