[PKG-Openstack-devel] Bug#794084: bandit: dubious "subprocess call without a subshell"
Jakub Wilk
jwilk at debian.org
Thu Jul 30 11:38:31 UTC 2015
Package: bandit
Version: 0.12.0-1
Bandit reported this to me:
>> Issue: subprocess call without a subshell.
Severity: Low Confidence: High
Location: test.py:2
1 import subprocess
2 subprocess.call("eggs")
I have no idea what what is supposed to be wrong with this code. The
message seems to imply that I should use a subshell instead, but such
a change would make no sense from the security perspective.
--
Jakub Wilk
More information about the Openstack-devel
mailing list