gitlab.bandit.B604
Download Count: 385
subprocess call - check for execution of untrusted input
Definition
rules:
- id: bandit.B604
  patterns:
  - pattern-not: subprocess.$FUNC(..., shell=True, ...)
  - pattern: $FOO(..., shell=True, ...)
  message: |
    subprocess call - check for execution of untrusted input
  metadata:
    cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command
      ('OS Command Injection')"
    owasp: "A1: Injection"
    primary_identifier: bandit.B604
    secondary_identifiers:
    - name: Bandit Test ID B604
      type: bandit_test_id
      value: B604
    license: MIT
  severity: INFO
  languages:
  - python
Short Link: https://sg.run/bDvv