Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

B404 Consider possible security implications associated with DEVNULL module. #666

Closed
Dreamsorcerer opened this issue Dec 13, 2020 · 4 comments · Fixed by #667
Closed

B404 Consider possible security implications associated with DEVNULL module. #666

Dreamsorcerer opened this issue Dec 13, 2020 · 4 comments · Fixed by #667
Labels
bug Something isn't working
Milestone
Release 1.7.3

Comments

@Dreamsorcerer
Copy link

Dreamsorcerer commented Dec 13, 2020
edited
Loading

from subprocess import DEVNULL, PIPE

produces B404 Consider possible security implications associated with DEVNULL module.

That's awfully confusing. I think it's meant to say 'subprocess module'.
@Dreamsorcerer
Copy link
Author

Dreamsorcerer commented Dec 13, 2020
edited
Loading

On a related note, it seems to miss the fact that I'm using asyncio.create_subprocess_exec(). I'd expect to get some warnings for that.

@ericwb ericwb added the bug Something isn't working label Dec 13, 2020
@ericwb ericwb added this to the Release 1.7.1 milestone Dec 14, 2020
@ericwb
Copy link
Member

ericwb commented Dec 14, 2020

Please open a separate issue for the asyncio.create_subprocess_exec(). Thanks

@ericwb ericwb mentioned this issue Dec 14, 2020
Merged
@ericwb
Copy link
Member

ericwb commented Dec 14, 2020

Actually #619 already captures the asyncio bit.

@Dreamsorcerer
Copy link
Author

Forgot I already opened that. :P

This error should therefore probably not appear at all, as I've only imported a couple of flags, there shouldn't be any security considerations for that.

ericwb added a commit that referenced this issue Dec 17, 2020
@ericwb
Clearer message for subprocess module use (#667)
b59beba 
This change modifies the warning using subprocess module. The
module is subprocess, and anything else is a submodule or function.

Fixes #666

Signed-off-by: Eric Brown <browne@vmware.com>
mikespallino pushed a commit to mikespallino/bandit that referenced this issue Aug 25, 2021
@ericwb @mikespallino
Clearer message for subprocess module use (PyCQA#667)
0cec95c 
This change modifies the warning using subprocess module. The
module is subprocess, and anything else is a submodule or function.

Fixes PyCQA#666

Signed-off-by: Eric Brown <browne@vmware.com>
mikespallino pushed a commit to mikespallino/bandit that referenced this issue Jan 7, 2022
@ericwb @mikespallino
Clearer message for subprocess module use (PyCQA#667)
0f8aaac 
This change modifies the warning using subprocess module. The
module is subprocess, and anything else is a submodule or function.

Fixes PyCQA#666

Signed-off-by: Eric Brown <browne@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
Release 1.7.3
Development

Successfully merging a pull request may close this issue.

Clearer message for subprocess module use
2 participants
@Dreamsorcerer @ericwb