Fix unsafe shell command in luigi/contrib/lsf.py
Fixes #3304

Update `track_job` function to use `shell=False` in `subprocess.Popen` call.

* Change the `cmd` variable to be a list of arguments instead of a single string.
* Set the `shell` parameter to `False` in the `subprocess.Popen` call.
Ali-Razmjoo committed Sep 4, 2024
1 parent 74e6e63 commit bc0855c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions luigi/contrib/lsf.py
100755 → 100644
Expand Up @@ -81,9 +81,9 @@ def track_job(job_id):
- "EXIT"
based on the LSF documentation
"""
cmd = "bjobs -noheader -o stat {}".format(job_id)
cmd = ["bjobs", "-noheader", "-o", "stat", str(job_id)]

Codecov / codecov/patch warning on luigi/contrib/lsf.py#L84: Added line #L84 was not covered by tests
track_job_proc = subprocess.Popen(
cmd, stdout=subprocess.PIPE, shell=True)
cmd, stdout=subprocess.PIPE, shell=False)
status = track_job_proc.communicate()[0].strip('\n')
return status
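
Review bot: `str(job_id)` in the new `cmd` list is passed to `bjobs` without validation, so although `shell=False` removes shell interpretation, a `job_id` beginning with `-` would still be parsed by `bjobs` as an option rather than a job ID. Consider rejecting values that are not plain job IDs before building `cmd` (for example, if job IDs are expected to be numeric, check `str(job_id).isdigit()` and raise `ValueError` otherwise). Two further points: Codecov flags the new line 84 as untested, so a test that patches `subprocess.Popen` and asserts it is called with the argument list and `shell=False` would lock the fix in; and in the unchanged context, `communicate()[0].strip('\n')` operates on `bytes` under Python 3 because the `Popen` call does not request text mode, which raises `TypeError`, so it is worth passing `universal_newlines=True` or decoding the output while this function is being touched. The file mode change 100755 → 100644 is also not mentioned in the commit message.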
