Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AMBARI-25942: Useshell=False wherever subprocess module with shell=True is used #3729

Open
wants to merge 1 commit into
base: branch-2.7
Choose a base branch
from
Open

AMBARI-25942: Useshell=False wherever subprocess module with shell=True is used #3729

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions ambari-agent/conf/unix/agent-multiplier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
from ambari_commons import subprocess32
import shutil
from optparse import OptionParser
import shlex


class Host:
Expand Down Expand Up @@ -226,7 +227,7 @@ def create_host_name_script(self, host_name, host_name_script):
"echo HOSTNAME"
with open(str(host_name_script), "w+") as f:
f.writelines(template.replace("HOSTNAME", host_name))
subprocess32.call("chmod +x %s" % host_name_script, shell=True)
subprocess32.call(shlex.split("chmod +x %s" % host_name_script), shell=False)

def change_config(self, config_file, config_dict):
"""
Expand Down Expand Up @@ -321,21 +322,21 @@ def cmd_start(self):
for host in self.hosts:
cmd = "ambari-agent start --home %s" % (host.home_dir)
os.environ['AMBARI_AGENT_CONF_DIR'] = os.path.join(host.home_dir, "etc/ambari-agent/conf")
subprocess32.call(cmd, shell=True, env=os.environ)
subprocess32.call(shlex.split(cmd), shell=False, env=os.environ)

def cmd_stop(self):
print "Stopping %d host(s)" % len(self.hosts)
for host in self.hosts:
cmd = "ambari-agent stop --home %s" % (host.home_dir)
os.environ['AMBARI_AGENT_CONF_DIR'] = os.path.join(host.home_dir, "etc/ambari-agent/conf")
subprocess32.call(cmd, shell=True, env=os.environ)
subprocess32.call(shlex.split(cmd), shell=False, env=os.environ)

def cmd_restart(self):
print "Restarting %d host(s)" % len(self.hosts)
for host in self.hosts:
cmd = "ambari-agent restart --home %s" % (host.home_dir)
os.environ['AMBARI_AGENT_CONF_DIR'] = os.path.join(host.home_dir, "etc/ambari-agent/conf")
subprocess32.call(cmd, shell=True, env=os.environ)
subprocess32.call(shlex.split(cmd), shell=False, env=os.environ)

def cmd_status(self):
print "Summary of Agent Status:"
Expand Down
5 changes: 3 additions & 2 deletions ambari-agent/src/main/python/ambari_agent/Controller.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
import security
import ssl
import AmbariConfig
import shlex

from ambari_agent.Heartbeat import Heartbeat
from ambari_agent.Register import Register
Expand Down Expand Up @@ -633,12 +634,12 @@ def move_data_dir_mount_file(self):
if os.path.exists(source_file) and not os.path.exists(destination_file):
command = "mkdir -p %s" % os.path.dirname(destination_file)
logger.info("Moving Data Dir Mount History file. Executing command: %s" % command)
return_code = subprocess32.call(command, shell=True)
return_code = subprocess32.call(shlex.split(command), shell=False)
logger.info("Return code: %d" % return_code)

command = "mv %s %s" % (source_file, destination_file)
logger.info("Moving Data Dir Mount History file. Executing command: %s" % command)
return_code = subprocess32.call(command, shell=True)
return_code = subprocess32.call(shlex.split(command), shell=False)
logger.info("Return code: %d" % return_code)
except Exception, e:
logger.error("Exception in move_data_dir_mount_file(). Error: {0}".format(str(e)))
Expand Down
5 changes: 3 additions & 2 deletions ambari-agent/src/main/python/ambari_agent/PingPortListener.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import threading
import socket
from ambari_commons import subprocess32
import shlex

logger = logging.getLogger(__name__)
FUSER_CMD = "fuser {0}/tcp 2>/dev/null | awk '{1}'"
Expand Down Expand Up @@ -51,10 +52,10 @@ def __init__(self, config):


def run_os_command_in_shell(self, command):
process = subprocess32.Popen(command, stdout=subprocess32.PIPE,
process = subprocess32.Popen(shlex.split(command), stdout=subprocess32.PIPE,
stdin=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=True)
shell=False)
return process.communicate()

def __del__(self):
Expand Down
6 changes: 5 additions & 1 deletion ambari-agent/src/main/python/ambari_agent/hostname.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import logging
import traceback
import sys
import shlex

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -80,7 +81,10 @@ def public_hostname(config):
try:
if config.has_option('agent', 'public_hostname_script'):
scriptname = config.get('agent', 'public_hostname_script')
output = subprocess32.Popen(scriptname, stdout=subprocess32.PIPE, stderr=subprocess32.PIPE, shell=True)
output = subprocess32.Popen(shlex.split(scriptname),
stdout=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=False)
out, err = output.communicate()
if (0 == output.returncode and 0 != len(out.strip())):
cached_public_hostname = out.strip().lower()
Expand Down
3 changes: 2 additions & 1 deletion ambari-agent/src/main/python/ambari_agent/security.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
import threading
from ambari_stomp.adapter.websocket import WsConnection
from socket import error as socket_error
import shlex

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -303,7 +304,7 @@ def genAgentCrtReq(self, keyname):
p = subprocess32.Popen(generate_script, stdout=subprocess32.PIPE)
p.communicate()
else:
p = subprocess32.Popen([generate_script], shell=True,
p = subprocess32.Popen(shlex.split(generate_script), shell=False,
stdout=subprocess32.PIPE)
p.communicate()
# this is required to be 600 for security concerns.
Expand Down
3 changes: 2 additions & 1 deletion ambari-common/src/main/python/resource_management/core/providers/mount.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,14 @@
from resource_management.core.base import Fail
from resource_management.core.providers import Provider
from resource_management.core.logger import Logger
import shlex


def get_mounted():
"""
:return: Return a list of mount objects (dictionary type) that contain the device, mount point, and other options.
"""
p = Popen("mount", stdout=PIPE, stderr=STDOUT, shell=True)
p = Popen(shlex.split("mount"), stdout=PIPE, stderr=STDOUT, shell=False)
out = p.communicate()[0]
if p.wait() != 0:
raise Fail("Getting list of mounts (calling mount) failed")
Expand Down
3 changes: 2 additions & 1 deletion ambari-infra/ambari-infra-solr-client/src/main/python/migrationConfigGenerator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import ConfigParser
from subprocess import Popen, PIPE
from random import randrange
import shlex

SOLR_SERVICE_NAME = 'AMBARI_INFRA_SOLR'
SOLR_COMPONENT_NAME ='INFRA_SOLR'
Expand Down Expand Up @@ -138,7 +139,7 @@ def get_state_json_map(solr_urls, user='infra-solr', kerberos_enabled='false', k
state_json_data={}
request = GET_STATE_JSON_URL.format(get_random_solr_url(solr_urls))
get_state_json_cmd=create_solr_api_request_command(request, user, kerberos_enabled, keytab, principal)
process = Popen(get_state_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(get_state_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
logger.error(str(err))
Expand Down
17 changes: 9 additions & 8 deletions ambari-infra/ambari-infra-solr-client/src/main/python/migrationHelper.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
from subprocess import Popen, PIPE

import solrDataManager as solr_data_manager
import shlex

HTTP_PROTOCOL = 'http'
HTTPS_PROTOCOL = 'https'
Expand Down Expand Up @@ -843,7 +844,7 @@ def monitor_solr_async_request(options, config, status_request, request_id):
async_request_timed_out = False
while not async_request_finished:
tries = tries + 1
process = Popen(request_status_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(request_status_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
raise Exception("{0} command failed: {1}".format(request_status_json_cmd, str(err)))
Expand Down Expand Up @@ -893,7 +894,7 @@ def delete_collection(options, config, collection, solr_urls, response_data_map)
request = DELETE_SOLR_COLLECTION_URL.format(solr_url, collection, async_id)
logger.debug("Solr request: {0}".format(request))
delete_collection_json_cmd=create_solr_api_request_command(request, config)
process = Popen(delete_collection_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(delete_collection_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
raise Exception("{0} command failed: {1}".format(delete_collection_json_cmd, str(err)))
Expand All @@ -910,7 +911,7 @@ def create_collection(options, config, solr_urls, collection, config_set, shards
request = CREATE_SOLR_COLLECTION_URL.format(get_random_solr_url(solr_urls, options), collection, config_set, shards, replica, max_shards_per_node)
logger.debug("Solr request: {0}".format(request))
create_collection_json_cmd=create_solr_api_request_command(request, config)
process = Popen(create_collection_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(create_collection_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
raise Exception("{0} command failed: {1}".format(create_collection_json_cmd, str(err)))
Expand All @@ -925,7 +926,7 @@ def reload_collection(options, config, solr_urls, collection):
request = RELOAD_SOLR_COLLECTION_URL.format(get_random_solr_url(solr_urls, options), collection)
logger.debug("Solr request: {0}".format(request))
reload_collection_json_cmd=create_solr_api_request_command(request, config)
process = Popen(reload_collection_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(reload_collection_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
raise Exception("{0} command failed: {1}".format(reload_collection_json_cmd, str(err)))
Expand Down Expand Up @@ -962,7 +963,7 @@ def get_replica_index_size(config, core_url, replica):
request = CORE_DETAILS_URL.format(core_url)
logger.debug("Solr request: {0}".format(request))
get_core_detaul_json_cmd=create_solr_api_request_command(request, config)
process = Popen(get_core_detaul_json_cmd, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(get_core_detaul_json_cmd), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
raise Exception("{0} command failed: {1}".format(get_core_detaul_json_cmd, str(err)))
Expand All @@ -980,7 +981,7 @@ def delete_znode(options, config, znode):
logger.debug("Solr cli command: {0}".format(solr_cli_command))
sys.stdout.write('Deleting znode {0} ... '.format(znode))
sys.stdout.flush()
process = Popen(solr_cli_command, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(solr_cli_command), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
sys.stdout.write(colors.FAIL + 'FAILED\n' + colors.ENDC)
Expand All @@ -999,7 +1000,7 @@ def copy_znode(options, config, copy_src, copy_dest, copy_from_local=False, copy
logger.debug("Solr cli command: {0}".format(solr_cli_command))
sys.stdout.write('Transferring data from {0} to {1} ... '.format(copy_src, copy_dest))
sys.stdout.flush()
process = Popen(solr_cli_command, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(solr_cli_command), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
sys.stdout.write(colors.FAIL + 'FAILED\n' + colors.ENDC)
Expand Down Expand Up @@ -1031,7 +1032,7 @@ def list_collections(options, config, output_file, include_number_of_docs=False)
logger.debug("Solr cli command: {0}".format(solr_cli_command))
sys.stdout.write('Dumping collections data to {0} ... '.format(output_file))
sys.stdout.flush()
process = Popen(solr_cli_command, stdout=PIPE, stderr=PIPE, shell=True)
process = Popen(shlex.split(solr_cli_command), stdout=PIPE, stderr=PIPE, shell=False)
out, err = process.communicate()
if process.returncode != 0:
sys.stdout.write(colors.FAIL + 'FAILED\n' + colors.ENDC)
Expand Down
7 changes: 5 additions & 2 deletions ambari-metrics/ambari-metrics-host-monitoring/src/main/python/psutil/psutil/_pssunos.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
from psutil._compat import namedtuple, PY3
import _psutil_posix
import _psutil_sunos as cext
import shlex


__extra__all__ = ["CONN_IDLE", "CONN_BOUND"]
Expand Down Expand Up @@ -433,8 +434,10 @@ def _get_unix_sockets(self, pid):
# TODO: rewrite this in C (...but the damn netstat source code
# does not include this part! Argh!!)
cmd = "pfiles %s" % pid
p = subprocess32.Popen(cmd, shell=True, stdout=subprocess32.PIPE,
stderr=subprocess32.PIPE)
p = subprocess32.Popen(shlex.split(cmd),
shell=False,
stdout=subprocess32.PIPE,
stderr=subprocess32.PIPE)
stdout, stderr = p.communicate()
if PY3:
stdout, stderr = [x.decode(sys.stdout.encoding)
Expand Down
3 changes: 2 additions & 1 deletion ambari-metrics/ambari-metrics-timelineservice/conf/unix/sqlline/phoenix_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import os
import fnmatch
import subprocess
import shlex

def find(pattern, classPaths):
paths = classPaths.split(os.pathsep)
Expand Down Expand Up @@ -62,7 +63,7 @@ def which(file):
def findClasspath(file):
aPath = which(file)
command = "%s%s" %(aPath, ' classpath')
return subprocess.Popen(command, shell=True, stdout=subprocess.PIPE).stdout.read()
return subprocess.Popen(shlex.split(command), shell=False, stdout=subprocess.PIPE).stdout.read()

def setPath():
PHOENIX_CLIENT_JAR_PATTERN = "phoenix-*-client.jar"
Expand Down
3 changes: 2 additions & 1 deletion ambari-metrics/ambari-metrics-timelineservice/conf/unix/sqlline/sqlline.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import phoenix_utils
import atexit
import fnmatch
import shlex

# Set JAVA_HOME or JDK_HOME before running sqlline.py
# Example: ./sqlline.py localhost:61181:/ams-hbase-unsecure
Expand Down Expand Up @@ -95,7 +96,7 @@ def find_java():

print 'java command: %s' % str(java_cmd)

childProc = subprocess.Popen(java_cmd, shell=True)
childProc = subprocess.Popen(shlex.split(java_cmd), shell=False)
#Wait for child process exit
(output, error) = childProc.communicate()
returncode = childProc.returncode
Expand Down
9 changes: 5 additions & 4 deletions ambari-server/src/main/python/ambari_server/serverSetup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
from ambari_commons import subprocess32
import getpass
import logging
import shlex

from ambari_commons.exceptions import FatalException
from ambari_commons.firewall import Firewall
Expand Down Expand Up @@ -846,11 +847,11 @@ def adjust_jce_permissions(self, jdk_path):

cmd = " && ".join(cmds)

process = subprocess32.Popen(cmd,
process = subprocess32.Popen(shlex.split(cmd),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this part of the code it is possible to get an error due to the fact that the && character is used to chain multiple commands together in a shell environment (like bash on Linux), but when you pass your command to subprocess32.Popen it does not will be interpreted by a shell, so the && will not be recognized as a valid operator.

In addition to the command being used '*' and this can be a problem with the use of shlex, so I suggest using the glob module. As a suggestion, you have the code below that I developed

if ambari_user:
      cmds.append(self.SET_JCE_PERMISSIONS.format(ambari_user, jdk_path, configDefaults.JDK_SECURITY_DIR))
    cmds.append(self.SET_JCE_FILE_MODE.format(jdk_path, configDefaults.JDK_SECURITY_DIR, "*"))
    cmds.append(self.SET_JCE_JAR_MODE.format(jdk_path, configDefaults.JDK_SECURITY_DIR, "*.jar"))
    for cmd in cmds:
      if '*' in cmd:
          try:
              cmd_parts = shlex.split(cmd)
              files_to_process = glob.glob(cmd_parts[-1])
              
              for file_path in files_to_process:
                  cmd_parts[-1] = file_path
                  process = subprocess32.Popen(cmd_parts,
                                              stdout=subprocess32.PIPE,
                                              stdin=subprocess32.PIPE,
                                              stderr=subprocess32.PIPE,
                                              shell=False
                                              )
                  (stdoutdata, stderrdata) = process.communicate()

                  if process.returncode != 0:
                      print("Failed to change permissions for '{0}'. Stderr: {1}".format(file_path, stderrdata))
          except Exception as e:
              print("Error executing command: {0}".format(str(e)))

stdout=subprocess32.PIPE,
stdin=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=True
shell=False
)
(stdoutdata, stderrdata) = process.communicate()

Expand Down Expand Up @@ -1281,11 +1282,11 @@ def check_ambari_java_version_is_valid(java_home, java_bin, min_version, propert
print 'Check JDK version for Ambari Server...'
try:
command = JDK_VERSION_CHECK_CMD.format(os.path.join(java_home, 'bin', java_bin))
process = subprocess32.Popen(command,
process = subprocess32.Popen(shlex.split(command),
stdout=subprocess32.PIPE,
stdin=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=True
shell=False
)
(out, err) = process.communicate()
if process.returncode != 0:
Expand Down
5 changes: 3 additions & 2 deletions ambari-server/src/main/python/ambari_server/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import logging
import platform
import xml.etree.ElementTree as ET
import shlex

from ambari_commons import OSConst,OSCheck
from ambari_commons.logging_utils import print_error_msg
Expand Down Expand Up @@ -272,11 +273,11 @@ def get_postgre_hba_dir(OS_FAMILY):
pg_hba_init_basename = os.path.basename(get_pg_hba_init_files())
# Get postgres_data location (default: /var/lib/pgsql/data)
cmd = "alias basename='echo {0}; true' ; alias exit=return; source {1} status &>/dev/null; echo $PGDATA".format(pg_hba_init_basename, get_pg_hba_init_files())
p = subprocess32.Popen(cmd,
p = subprocess32.Popen(shlex.split(cmd),
stdout=subprocess32.PIPE,
stdin=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=True)
shell=False)
(PG_HBA_ROOT, err) = p.communicate()

if PG_HBA_ROOT and len(PG_HBA_ROOT.strip()) > 0:
Expand Down
7 changes: 6 additions & 1 deletion ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
from resource_management.core.resources.system import Execute, Directory
from resource_management.core.exceptions import Fail
from resource_management.core.logger import Logger
import shlex

import hawq_constants

Expand Down Expand Up @@ -83,7 +84,11 @@ def exec_ssh_cmd(hostname, cmd):
# Only gpadmin should be allowed to run command via ssh, thus not exposing user as a parameter
cmd = "su - {0} -c \"ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {1} \\\"{2} \\\" \"".format(hawq_constants.hawq_user, hostname, cmd)
Logger.info("Command executed: {0}".format(cmd))
process = subprocess32.Popen(cmd, stdout=subprocess32.PIPE, stdin=subprocess32.PIPE, stderr=subprocess32.PIPE, shell=True)
process = subprocess32.Popen(shlex.split(cmd),
stdout=subprocess32.PIPE,
stdin=subprocess32.PIPE,
stderr=subprocess32.PIPE,
shell=False)
(stdout, stderr) = process.communicate()
return process.returncode, stdout, stderr

Expand Down
3 changes: 2 additions & 1 deletion ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import urllib2
import urllib
from ambari_commons import subprocess32
import shlex

def makeHTTPCall(url, header={}, body=None):
# timeout in seconds
Expand All @@ -45,5 +46,5 @@ def makeHTTPCall(url, header={}, body=None):


def runLocalCmd(cmd):
return subprocess32.call(cmd, shell=True)
return subprocess32.call(shlex.split(cmd), shell=False)

Loading