Command Execution

PyOS

The os standard library module. os.system() and os.popen() always invoke a shell and are injection sinks. os.exec* variants avoid the shell but are still sinks for the program path. Environment accessors (os.environ, os.getenv) are sources.
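The shell-versus-no-shell distinction above is what decides whether a tainted value can change the command at all. The following is an added example, not code from the PyOS rule or from codepathfinder: it reads a value through the os.getenv() source, shows the string that os.system()/os.popen() would hand to the shell (built but never executed), the same string with shlex.quote() applied, and finally the shell-free form, where an argv list keeps the tainted value as a single literal argument. The environment variable name REPORT_NAME and the sample value are constructed for this example.

```python
import os
import shlex
import subprocess
import sys

# Constructed sample input (not from the page): a value an attacker could
# place in the environment. It carries shell metacharacters on purpose so the
# difference between the shell-based and shell-free sinks is visible.
SAMPLE_TAINTED = "report; echo INJECTED"


def read_taint_source(default: str = SAMPLE_TAINTED) -> str:
    # os.getenv() is the source in the PyOS rule: in a container or CI job the
    # environment is attacker-influenced, so its return value is tainted.
    # REPORT_NAME is an assumed variable name for this example.
    return os.getenv("REPORT_NAME", default)


def build_shell_command(name: str) -> str:
    """The string that os.system()/os.popen() would hand to `sh -c`.

    This is the vulnerable pattern: the tainted value is interpolated into
    the command text, so a ';' in it ends the first command and starts a
    second one. The function only builds the string; it never executes it.
    """
    return f"ls -l {name}"


def build_quoted_shell_command(name: str) -> str:
    """Same command with the tainted value shell-quoted.

    shlex.quote() wraps the value in single quotes (escaping any embedded
    quote), so the shell sees it as one literal word. Acceptable when a shell
    is unavoidable, but avoiding the shell entirely is the stronger fix.
    """
    return f"ls -l {shlex.quote(name)}"


def echo_argument_without_shell(name: str) -> str:
    """Run a child process without a shell and return what it received.

    An argv list with shell=False (the default) is the shell-free analogue of
    os.execv()/os.spawnv(): there is no command-line parsing step, so the
    tainted value arrives as exactly one argument. A Python child is used so
    the demonstration does not depend on any particular OS tool or shell.
    The program path (sys.executable) is a fixed, trusted value, which is
    what the exec*/spawn* sinks require of their path argument.
    """
    completed = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", name],
        capture_output=True,
        text=True,
        check=True,
    )
    return completed.stdout


if __name__ == "__main__":
    tainted = read_taint_source()
    print("os.system() would receive :", build_shell_command(tainted))
    print("with shlex.quote()        :", build_quoted_shell_command(tainted))
    print("argv child received       :", echo_argument_without_shell(tainted))
```

Run it with REPORT_NAME unset to see the three forms side by side; only the first one lets the `;` act as a command separator, which is why the rule tracks argument 0 of os.system() and os.popen() but only the path arguments of the exec*/spawn* family.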

Taint flow: 2 sources, 5 sinks

Sources (untrusted input): os.getenv(), os.environ
Sinks (dangerous call): os.system(), os.popen(), os.execv(), os.execvp(), os.spawnv()

Sources

os.getenv() [Source]
Signature: os.getenv(key: str, default: str | None = None) -> str | None

Reads an environment variable. It is a source when the attacker controls the environment (for example in a container or CI job).

Tracks: return

os.environ [Source]
Signature: os.environ: dict[str, str]

The process environment map. Reading a value from it is a source.

Tracks: return

Sinks

os.system() [Sink]
Signature: os.system(command: str) -> int

Executes the command via the shell. Command-injection sink.

Tracks: 0

os.popen() [Sink]
Signature: os.popen(command: str, mode: str = 'r') -> IO

Opens a pipe to a shell command. Command-injection sink.

Tracks: 0

os.execv() [Sink]
Signature: os.execv(path: str, args: list) -> None

Replaces the current process image. No shell is involved; it is a sink for a user-controlled program path (and argument vector).

Tracks: 0, 1

os.execvp() [Sink]
Signature: os.execvp(file: str, args: list) -> None

Like execv, but resolves the program name through PATH. Same risk when the program name or arguments are user-controlled.

Tracks: 0, 1

os.spawnv() [Sink]
Signature: os.spawnv(mode: int, path: str, args: list) -> int

Spawns a new process. Sink for a user-controlled program path (and argument vector).

Tracks: 1, 2

Fully-Qualified Names

FQN    Field
os     fqns[0]

A wrong FQN yields 0 findings. To verify that the rule is keyed on the FQN, change fqns to a garbage value: the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyOS