LotusGuild/analyzeOSDs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Suppress bandit B602 false positive in admin CLI tool
Lint / Python (flake8) (push) Successful in 29s
Details
Security / Python Security (bandit) (push) Successful in 19s
Details

Browse Source 
subprocess shell=True is intentional: cmd is a ceph/SSH command
built internally, not from untrusted user input. Admin-only tool.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-04-14 12:40:34 -04:00
parent 309a32f3f7
commit 248dd64c51
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ceph_osd_analyzer.py
+1 -1
View File
@@ -37,7 +37,7 @@ def run_command(cmd, parse_json=False, host=None):
if DEBUG:
print(f"{Colors.CYAN}DEBUG: Running: {cmd}{Colors.END}")
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True) # nosec B602 — admin-only CLI tool; cmd is ceph/ssh commands built internally
if parse_json:
return json.loads(result.stdout)
return result.stdout.strip()