QA Check Report - Security Query #8

Open
ldbiz opened this issue Aug 25, 2020 · 0 comments
Labels
QA Check Report Issue relates to the QA Check Report identifying potential w3act issues introduced by users question


ldbiz commented Aug 25, 2020

At present we call another w3act process in the same toolset (python-w3act) using the old popen call (subprocess didn't seem to work passing through wrapped arguments).

In theory this could raise injection issues, although presumably anybody doing that would already have access to the server, so it's probably not a problem.

Just flagging it to consider.

Example:

w3act get-csv -H server << this sort of thing is called using the method below.

https://github.com/ukwa/python-w3act/blob/master/w3act/dbc/identify_target_qa_issues.py#L70

@ldbiz ldbiz added question QA Check Report Issue relates to the QA Check Report identifying potential w3act issues introduced by users labels Aug 25, 2020
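
The concern raised in the issue, as an added example that is not code from python-w3act: the same `get-csv -H <host>` call made through a shell command string, through an argument list with no shell, and through a fully quoted string. The child process here is a stand-in that prints the arguments it received (an assumption, so the example runs without `w3act` installed), and the function names are hypothetical.

```python
import json
import os
import shlex
import subprocess
import sys

# Stand-in for the real `w3act` CLI (assumption): prints the argv it received as JSON.
ECHO_ARGV = [sys.executable, "-c", "import json,sys; print(json.dumps(sys.argv[1:]))"]


def run_via_shell_string(host):
    """Assumed shape of the popen call: one command string handed to a shell."""
    # Only `host` is left unquoted, so it is the only value the shell can reinterpret.
    cmd = " ".join(shlex.quote(p) for p in ECHO_ARGV) + " get-csv -H " + host
    with os.popen(cmd) as pipe:
        return pipe.read().splitlines()


def run_via_argv(host):
    """No shell involved: each list element reaches the child as exactly one argument."""
    done = subprocess.run(ECHO_ARGV + ["get-csv", "-H", host],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_via_quoted_string(host):
    """If a command string has to stay, quote every interpolated value."""
    cmd = " ".join(shlex.quote(p) for p in ECHO_ARGV + ["get-csv", "-H", host])
    with os.popen(cmd) as pipe:
        return pipe.read().splitlines()


if __name__ == "__main__":
    hostile = "server; echo SECOND-COMMAND-RAN"  # constructed test value
    for fn in (run_via_shell_string, run_via_argv, run_via_quoted_string):
        print(fn.__name__, fn(hostile))
```

With the shell string, the output has a second line produced by the shell itself; with the argument list or the quoted string, the whole value arrives as the single `-H` argument.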