200 elif os.path.basename(sys.argv[0]) in ['lore', 'lore.exe']:
201 args[0] = BIN_LORE
202 try:
203 os.execv(args[0], args)204 except Exception as e:
205 if args[0] == BIN_LORE and args[1] == 'console' and JUPYTER_KERNEL_PATH:
206 print(ansi.error() + ' Your jupyter kernel may be corrupt. Please remove it so lore can reinstall:\n $ rm ' + JUPYTER_KERNEL_PATH)
556 port = parsed.port or os.environ.get('PORT') or '5000'
557 args = [env.BIN_FLASK, 'run', '--port', port, '--host', host] + unknown
558 os.environ['FLASK_APP'] = env.FLASK_APP
559 os.execv(env.BIN_FLASK, args) 560
561
562def console(parsed, unknown):
845 install_jupyter_kernel()
846 args = [env.BIN_JUPYTER, 'lab'] + unknown
847 print(ansi.success('JUPYTER') + ' ' + str(env.BIN_JUPYTER))
848 os.execv(env.BIN_JUPYTER, args) 849
850
851def install_darwin():
838 install_jupyter_kernel()
839 args = [env.BIN_JUPYTER, 'notebook'] + unknown
840 print(ansi.success('JUPYTER') + ' ' + str(env.BIN_JUPYTER))
841 os.execv(env.BIN_JUPYTER, args) 842
843
844def lab(parsed, unknown):
570
571 print(ansi.success('JUPYTER') + ' ' + str(env.BIN_JUPYTER))
572 os.environ['PYTHONSTARTUP'] = startup
573 os.execv(env.BIN_JUPYTER, args) 574
575
576def execute(parsed, unknown):
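Spawning a subprocess without a shell is generally safe, but it may be useful for penetration testing workflows to track where external system calls are used. Without a shell there is no metacharacter interpretation, but the program path and every argument are still handed to the new process exactly as given.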
Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user-provided or variable input.
import os
# Creating a subprocess:
# Each call below starts a new process without going through a shell. It is
# sensitive when the program path or the arguments are built from input that
# has not been validated, because those values reach the new process as given.
# NOTE: mode, path, file, cmd and env are placeholders; this listing does not
# define them.

# "l" variants take the program arguments as separate parameters (here
# unpacked from cmd).
os.spawnl(mode, path, *cmd)
# "e" variants take the environment for the new process as the last argument,
# so review where that mapping comes from as well.
os.spawnle(mode, path, *cmd, env)
# "p" variants locate the program through PATH, so which file actually runs
# depends on the environment of the calling process.
os.spawnlp(mode, file, *cmd)
os.spawnlpe(mode, file, *cmd, env)
# "v" variants take the arguments as a single sequence.
os.spawnv(mode, path, cmd)