lgtm warning - misc. #329

avan989 · 2019-12-23T16:42:03Z

Describe the bug
reference issues #320

posix/osfileapi.c

line 186:
execl(shell, "sh", "-c", Cmd, NULL); /* does not return if successful */
--
  | The value of this argument may come from call to getenv and is being passed to execl

Reporter Info
Anh Van, NASA Goddard

The text was updated successfully, but these errors were encountered:

avan989 · 2019-12-26T18:11:24Z

Moved osapi-filesys.c, and os-impl-posix-files.c to separate issue.

skliper · 2019-12-30T14:07:01Z

This is a significant security concern. Suggestion is to separate out the shell functionality and make it optionally included (preference is per build system option). Or remove shell functionality entirely.

Related to nasa/cFE#84

skliper · 2020-01-08T19:53:39Z

CCB 20190108 - see comment on #332, will move forward with current pull request and consider separation/optional inclusion in the future.

skliper mentioned this issue Jan 8, 2020

Fix #329, resolve osfileapi.c lgtm issue #332

Closed

skliper added the enhancement label Jan 15, 2020

skliper added this to the 5.1.0 milestone Jan 15, 2020

skliper mentioned this issue Jan 21, 2020

Integration Candidate 20200121 #355

Merged

skliper closed this as completed in #355 Jan 27, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lgtm warning - misc. #329

lgtm warning - misc. #329

avan989 commented Dec 23, 2019 •

edited

Loading

avan989 commented Dec 26, 2019

skliper commented Dec 30, 2019

skliper commented Jan 8, 2020

lgtm warning - misc. #329

lgtm warning - misc. #329

Comments

avan989 commented Dec 23, 2019 • edited Loading

avan989 commented Dec 26, 2019

skliper commented Dec 30, 2019

skliper commented Jan 8, 2020

avan989 commented Dec 23, 2019 •

edited

Loading