87 "MacOS does not support detection of libsodium, please ensure that libsodium is installed."
88 )
89 try:
90 process = subprocess.Popen( 91 "brew info libsodium", shell=True, stdout=subprocess.PIPE 92 ) 93 try:
94 out = process.communicate(timeout=15)[0]
95 except subprocess.TimeoutExpired:
109 return False
110 else:
111 try:
112 process = subprocess.Popen(113 "ldconfig -p | grep libsodium", shell=True, stdout=subprocess.PIPE114 )115 try:
116 out = process.communicate(timeout=15)[0]
117 except subprocess.TimeoutExpired:
84 return 0, 0, [], 0
85
86 finally:
87 os.system("taskkill /im chromedriver.exe /F")88
89
90if __name__ == "__main__":
67 return 0, 0, [], 0
68
69 finally:
70 os.system("taskkill /im chromedriver.exe /F")71
72
73if __name__ == "__main__":
Python has many mechanisms for invoking an external executable. If the path to the desired executable is not fully qualified from the filesystem root, the call may present a security risk, because the program that actually runs is chosen by a search at run time rather than fixed in the code.
In POSIX environments, the PATH environment variable specifies a set of standard locations that are searched, in order, for the first executable matching the given name. While convenient, this behavior may allow a malicious actor to exert control over a system. If they are able to adjust the contents of the PATH variable, or manipulate the file system, then a bogus executable may be discovered in place of the desired one. This executable will be invoked with the user privileges of the Python process that spawned it, potentially a highly privileged user. The same concern applies outside POSIX: on Windows the search for an unqualified command name typically also includes the current working directory, so a command such as the `taskkill` call in the excerpts above is resolved by search as well.
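This test scans the parameters of all configured Python methods, looking for paths that do not start at the filesystem root, that is, do not have a leading ‘/’ character. The check is purely syntactic: a path that passes it is no longer subject to the PATH search, but the check does not establish that the file at that absolute path is the intended binary or that the directory holding it is protected from modification. When a whole command line is passed as a single string with `shell=True` or to `os.system`, the shell resolves the command name inside that string in the same way.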
import subprocess
# Noncompliant example: 'calculator' has no leading '/', so the executable is
# located by searching PATH, and the first match found is run with the
# privileges of this Python process.
# msg is not defined in this snippet; it is expected to come from the caller.
subprocess.run(['calculator', '-u', 'critical', msg], check=True) # Sensitive, Path not qualified from root
import subprocess
# Compliant example: the executable is named by an absolute path, so no PATH
# search takes place. The arguments are passed as a list without shell=True,
# so msg reaches the program as one argument and is not parsed by a shell.
# NOTE(review): this only helps if /usr/bin/calculator and its parent
# directories are not writable by untrusted users; confirm on the target system.
# msg is not defined in this snippet; it is expected to come from the caller.
subprocess.run(['/usr/bin/calculator', '-u', 'critical', msg], check=True) # Path qualified from root