From 2334b3c550c217308efbaf3f4f22718c3b3d0466 Mon Sep 17 00:00:00 2001
From: Alex Yang <yangyang1@zte.com.cn>
Date: Thu, 4 Jan 2018 16:40:02 +0800
Subject: Fix security risks about shell=True

Change-Id: I2db012e2b6a4325c42d5422901dea52a5ab7f664
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
---
 deploy/utils.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'deploy')

diff --git a/deploy/utils.py b/deploy/utils.py
index 55fbc53a..d0e67359 100644
--- a/deploy/utils.py
+++ b/deploy/utils.py
@@ -124,10 +124,9 @@ def ipmi_reboot_node(host, user, passwd, boot_source=None):
 
 
 def run_shell(cmd, check=False):
-    process = subprocess.Popen(cmd,
+    process = subprocess.Popen(cmd.split(),
                                stdout=subprocess.PIPE,
-                               stderr=subprocess.PIPE,
-                               shell=True)
+                               stderr=subprocess.PIPE)
     while process.poll() is None:
         LD(process.stdout.readline().strip())
 
-- 
cgit 1.2.3-korg