I'm going to invalidate this because the code being pointed out is just
dev/test scripts, not production runtime code. It can be fixed if
someone wants to restore and rework the patch but it's super low
priority IMO.
** Changed in: nova
Importance: Undecided => Low
** Changed in: nova
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1732363
Title:
Use subprocess securely
Status in OpenStack Compute (nova):
Invalid
Bug description:
Due to
https://docs.openstack.org/bandit/latest/plugins/subprocess_popen_with_shell_equals_true.html,
and reference
https://security.openstack.org/guidelines/dg_avoid-shell-true.html and
https://security.openstack.org/guidelines/dg_use-subprocess-securely.html,
we should use python pipes to avoid shells and use subprocess more securely.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1732363/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
