Docker run subprocess shell=True command is insecure
Closed this issue · 0 comments
ryancurrah commented
Using shell=True could open the Rundeck node to a shell injection vulnerability.
> Warning: Executing shell commands that incorporate unsanitized input from an untrusted source makes a program vulnerable to shell injection, a serious security flaw which can result in arbitrary command execution. For this reason, the use of shell=True is strongly discouraged in cases where the command string is constructed from external input.
Source: https://docs.python.org/2/library/subprocess.html#frequently-used-arguments
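The difference the quoted warning describes, shown side by side as an added example (this is illustrative code, not the plugin's or Rundeck's own): the `shell=True` form splices an untrusted value into a command string that `/bin/sh` parses, so a `;` in the value starts a second command; the argv-list form hands the same value to the program as one literal argument. `echo` stands in for `docker run` so the block runs offline; `UNTRUSTED_VALUE` and `docker_run_argv` are constructed for the example.

```python
import shlex
import subprocess

# Constructed sample: a value that could arrive from an untrusted Rundeck job option.
# It contains a shell metacharacter; a shell would treat the text after ';' as a new command.
UNTRUSTED_VALUE = "hello; echo INJECTED"


def run_unsafe(value: str) -> str:
    """Vulnerable pattern: command string built by concatenation, executed via shell=True.

    /bin/sh parses the whole string, so metacharacters inside `value` are honoured.
    """
    result = subprocess.run("echo " + value, shell=True, capture_output=True, text=True)
    return result.stdout


def run_safe(value: str) -> str:
    """Hardened pattern: argv list, no shell.

    `value` reaches echo as a single argument and is never parsed as shell syntax.
    """
    result = subprocess.run(["echo", value], capture_output=True, text=True)
    return result.stdout


def run_quoted(value: str) -> str:
    """If a shell is genuinely needed (pipes, redirects), quote every untrusted piece.

    shlex.quote() wraps the value so the shell sees it as one word.
    """
    result = subprocess.run("echo " + shlex.quote(value), shell=True, capture_output=True, text=True)
    return result.stdout


def docker_run_argv(image: str, name: str, extra_args=()) -> list:
    """Hypothetical helper (not the plugin's code): build a `docker run` argv list.

    Each caller-supplied value is its own list element, so it can be passed to
    subprocess.run() without shell=True and without string assembly.
    """
    return ["docker", "run", "--name", name, *extra_args, image]


if __name__ == "__main__":
    print("shell=True :", repr(run_unsafe(UNTRUSTED_VALUE)))   # two lines: the injected echo ran
    print("argv list  :", repr(run_safe(UNTRUSTED_VALUE)))     # one line: value passed literally
    print("quoted     :", repr(run_quoted(UNTRUSTED_VALUE)))   # one line: quoting neutralised ';'
    print("docker argv:", docker_run_argv("alpine:3", "job-1", ["--rm"]))
```

`run_unsafe` returns `"hello\nINJECTED\n"` because the shell executed the second `echo`; `run_safe` and `run_quoted` return `"hello; echo INJECTED\n"`. For a plugin that shells out to `docker`, the argv-list approach of `docker_run_argv` is the fix the Python docs recommend: never build the command string from job input.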