Remove shell=True for actions (following Bandit issue report) #1851

2025-01-04 16:03:52 +03:00 · 2021-04-21 10:47:47 +02:00 · 2021-04-21 10:47:47 +02:00 · b597acf19c
commit b597acf19c
parent fe7e3dff4e
1 changed files with 4 additions and 4 deletions
--- a/glances/actions.py
+++ b/glances/actions.py
@ -2,7 +2,7 @@
 #
 # This file is part of Glances.
 #
-# Copyright (C) 2019 Nicolargo <nicolas@nicolargo.com>
+# Copyright (C) 2021 Nicolargo <nicolas@nicolargo.com>
 #
 # Glances is free software; you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published by
@ -94,10 +94,10 @@ class GlancesActions(object):
            logger.info("Action triggered for {} ({}): {}".format(stat_name,
                                                                  criticity,
                                                                  cmd_full))
-            logger.debug("Stats value for the trigger: {}".format(
-                mustache_dict))
+            logger.debug("Action will be executed with the following command: \
+                subprocess.Popen({}, shell=False)".format(cmd_full.split(' ')))
            try:
-                Popen(cmd_full, shell=True)
+                Popen(cmd_full.split(' '), shell=False)
            except OSError as e:
                logger.error("Can't execute the action ({})".format(e))