Vaibhav Singh - 1 year ago 44
Python Question

How to fix a security issue in Python?

I have used

os.system('cls' if os.name == 'nt' else 'clear')
to clear the output while running scripts, but on Codacy I am getting one security issue:

Starting a process with a shell, possible injection detected, security issue.

How to resolve the issue?

Script link:

Answer Source

It has security issues just when you run the function with arguments taken from users. For example:

import os
def do_clear(command): # Notice command is sent as argument from outside world and hence this makes it vulnerable
    os.system(command) # Whatever string the caller passes is handed to the shell

If the method is called with for example

do_clear('rm -f */*')

Then it is possible that it deletes all the files of the current directory. But if the 'clear' command is to be directly used, you do not have to worry about the security issue, as only 'clear' is run in all conditions. So the following function is secure enough.

def do_clear(): # Notice command is not sent as argument from outside world
    os.system('cls' if os.name == 'nt' else 'clear') # This is not risky as os.system takes clear/cls command always.
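An added example, not part of the original answer: one way to clear the screen without going through os.system(), plus a check that a value passed as a list element to subprocess.run() is not interpreted by a shell. The function names clear_argv, clear_screen and echo_argument are hypothetical, and the sample input string is constructed.

```python
import os
import shutil
import subprocess
import sys

ANSI_CLEAR = "\033[2J\033[H"  # erase display, move cursor to top-left


def clear_argv(os_name=os.name):
    """Fixed argument list for the clear command; nothing here comes from input."""
    if os_name == "nt":
        # cls is a cmd.exe built-in, so cmd.exe is the program that gets started.
        return ["cmd", "/c", "cls"]
    return ["clear"]


def clear_screen(out=sys.stdout, os_name=os.name):
    """Clear the terminal without os.system(); returns which path was taken."""
    if not out.isatty():
        return "skipped"  # output is a file or pipe: nothing to clear
    argv = clear_argv(os_name)
    exe = shutil.which(argv[0])
    if exe is None:
        out.write(ANSI_CLEAR)  # no clear binary found: use the escape sequence
        out.flush()
        return "ansi"
    # List form with shell=False: the program is executed directly, no shell parses it.
    subprocess.run([exe] + argv[1:], shell=False, check=False)
    return "subprocess"


def echo_argument(value):
    """Pass a (possibly user-supplied) value as one argv element and return
    what the child process received. Shell metacharacters stay literal."""
    child = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
    done = subprocess.run(child + [value], shell=False, capture_output=True,
                          text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    clear_screen()
    # Constructed sample input: the ';' would start a second command in a shell.
    print(repr(echo_argument("report.txt; echo INJECTED")))
```
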