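# Run: semgrep --config semgrep.yml applepy
# Or: semgrep --config=p/python applepy
# (p/python is fetched from the Semgrep registry at run time; this file is the
#  self-contained, offline variant that only covers shell=True.)
---
rules:
  - id: subprocess-with-shell-true
    languages: [python]
    severity: ERROR
    message: >-
      Avoid subprocess with shell=True (injection risk). Pass the command as an
      argument list and drop shell=True; if a shell is unavoidable, quote every
      non-constant piece with shlex.quote().
    metadata:
      category: security
      cwe: >-
        CWE-78: Improper Neutralization of Special Elements used in an OS
        Command ('OS Command Injection')
    # Every public subprocess entry point that accepts a shell= keyword is
    # listed, so check_call and check_output are flagged alongside run,
    # Popen and call.
    # Known limits of the `shell=True` pattern, so findings are triaged right:
    #   - only a literal True matches; `shell=flag` or `shell=bool(x)` does not;
    #   - a constant command string with shell=True is still reported, because
    #     the rule cannot tell trusted from attacker-influenced input;
    #   - os.system, os.popen and subprocess.getoutput/getstatusoutput always
    #     run through a shell but take no shell= keyword, so they need a
    #     separate rule.
    pattern-either:
      - pattern: subprocess.run(..., shell=True, ...)
      - pattern: subprocess.Popen(..., shell=True, ...)
      - pattern: subprocess.call(..., shell=True, ...)
      - pattern: subprocess.check_call(..., shell=True, ...)
      - pattern: subprocess.check_output(..., shell=True, ...)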