Vaibhav Singh Vaibhav Singh - 2 months ago 11
Python Question

How to fix security issue in python?

I have used

os.system('cls' if os.name == 'nt' else 'clear')
to clear the ouput while running scripts but on codacy i am getting one securiy issue


Starting a process with a shell, possible injection detected, security issue.


How to resolve the issue?

Script link: https://www.codacy.com/app/vaibhavsingh97/StalkPy/file/9458582870/issues/source?bid=5189215&fileBranchId=5189215#l43

Answer Source

It has security issues just when you run the function with arguments taken from users. For example:

import os
def do_clear(command): # Notice command is sent as argument from outside world and hence this makes it vulnerable
    os.system(command)

If the method is called with for example

do_clear('rm -f */*')

Then it is possible that it deletes all the files of current directory. But if the 'clear' command is to be directly used, you do not have to worry about the security issue, as only 'clear' is run in all conditions. So the following function is secure enough.

def do_clear(): # Notice command is not sent as argument from outside world
    os.system('cls' if os.name == 'nt' else 'clear') # This is not risky as os.system takes clear/cls command always.