[device/dell] Mitigation for security vulnerability #11875
device/dell/x86_64-dellemc_n3248pxe_c3338-r0/plugins/fanutil.py
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 6 alerts and fixes 1 when merging a1bd8ec into 1e75abc - view on LGTM.com
Signed-off-by: maipbui <maibui@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 6 alerts and fixes 7 when merging cd61bca into a8b2a53 - view on LGTM.com
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 2 alerts and fixes 12 when merging 017f143 into 38cc35f - view on LGTM.com
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 1 alert and fixes 12 when merging 8593247 into 7d1b99a - view on LGTM.com
This pull request introduces 1 alert and fixes 12 when merging 7f54f67 into 7d1b99a - view on LGTM.com
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 1 alert and fixes 12 when merging f74eda9 into 5650762 - view on LGTM.com
file = '/sys/module/ipmi_si/parameters/kipmid_max_busy_us' | ||
if os.path.exists(file): | ||
with open(file, 'w') as f: | ||
f.write('0\n') |
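Review bot: the os.path.exists(file) guard before open(file, 'w') only covers a missing path; the open and the f.write('0\n') can still raise on this sysfs parameter (for example on a permission error), and nothing here catches that. Wrap the open/write in try/except for IOError/OSError and report or return a failure status instead of relying on the existence check. The local name file is also easy to confuse with the Python 2 builtin; a descriptive name for the path would read better.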
There are multiple ways to fail the block, for example, could not open file, or write failure. #Closed
file = '/sys/module/ipmi_si/parameters/kipmid_max_busy_us' | ||
if os.path.exists(file): | ||
with open(file, 'w') as f: | ||
f.write('1000\n') |
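Review bot: f.write('1000\n') hard-codes the value written back to kipmid_max_busy_us, while the earlier block writes '0\n' to the same path. If this second write is meant to restore the setting, read the current value before it is overwritten with 0 and write that saved value back, since 1000 is only correct when the system started with that setting. The two four-line blocks are otherwise identical and could be one helper that takes the value to write, which also gives a single place for error handling.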
Signed-off-by: maipbui <maibui@microsoft.com>
This pull request introduces 1 alert and fixes 12 when merging f320820 into 1effff9 - view on LGTM.com
@@ -46,28 +42,25 @@ def isDockerEnv(self): | |||
|
|||
# Fetch a BMC register | |||
def get_pmc_register(self, reg_name): | |||
|
|||
status = 1 |
This pull request fixes 12 alerts when merging 43934a5 into 1f0699f - view on LGTM.com
@srideepDell @santhosh-kt @thaj-deen @arunlk-dell Could you help review and verify?
/azp run Azure.sonic-buildimage
Azure Pipelines successfully started running 1 pipeline(s).
Changes look good and also from the log.
Signed-off-by: maipbui maibui@microsoft.com
Dependency: PR (#12065) needs to merge first.
Why I did it
commands module is not protected against malicious input
getstatusoutput is detected without a static string, uses shell=True
How I did it
Eliminate the use of commands
Use subprocess.run(), commands in subprocess.run() are totally static
Fix indentation
How to verify it
Tested on DUT
dell_log.txt
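The difference between the two call styles named in the description above, as an added example that is not code from this PR: the same input is passed once inside a shell-interpreted command string and once as an element of a fixed argv list. The stand-in script, the function names and the input value are assumptions constructed for the illustration; the PR's real commands are not shown on the page.

```python
import shlex
import subprocess
import sys

# Constructed stand-in for a platform CLI (hypothetical; the PR's real
# commands are not shown on the page). It prints its first argument.
SCRIPT = "import sys; print(sys.argv[1])"


def read_register_shell(reg_name):
    """'Before' pattern: a command string built from input and run by a shell.

    subprocess.getstatusoutput() is the Python 3 counterpart of
    commands.getstatusoutput() and always goes through the shell.
    """
    cmd = "%s -c %s %s" % (shlex.quote(sys.executable), shlex.quote(SCRIPT), reg_name)
    return subprocess.getstatusoutput(cmd)


def read_register_argv(reg_name):
    """'After' pattern: fixed argv list, no shell; input stays one argument."""
    proc = subprocess.run(
        [sys.executable, "-c", SCRIPT, reg_name],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode, proc.stdout.rstrip("\n")


def demo():
    # Constructed input containing a shell metacharacter.
    value = "FAN1_STATE; echo SECOND_COMMAND_RAN"
    return read_register_shell(value), read_register_argv(value)


if __name__ == "__main__":
    shell_result, argv_result = demo()
    print("shell string:", shell_result)
    print("argv list   :", argv_result)
```

With the shell string, the text after the semicolon is executed as a second command; with the argv list it is returned unchanged as data.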