
Command Injection risk in rahu.py via insecure os.popen usage

Open · w1z1y123 opened this issue 3 weeks ago · 1 comment

I recently analyzed nsepython using Bandit and identified a critical security vulnerability involving Command Injection.

Location: nsepython/rahu.py, line 32

cmd = f'curl -b cookies.txt "{encoded_url}" {curl_headers}'
raw = os.popen(cmd).read()

The Vulnerability

The code constructs a system command using f-strings and executes it directly via os.popen. This is dangerous because if any part of encoded_url or curl_headers contains untrusted input (or if the library is used in a web app context), an attacker could inject shell commands (e.g., using ; or &&).

Recommendation

Avoid using os.popen with shell commands. Instead, use the standard Python requests library to handle HTTP requests, which is secure by design and does not spawn a system shell.

# Suggested Fix
import requests
# encoded_url, headers and cookies are the values already available in rahu.py;
# requests sends the HTTP request in-process, so no shell is ever spawned
response = requests.get(encoded_url, headers=headers, cookies=cookies)
raw = response.text

w1z1y123 · Dec 21 '25 06:12
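The pattern reported above (a command string assembled by interpolation and handed to os.popen) can be caught by a small static check of the kind Bandit performs. The following is an added example, not code from nsepython or from Bandit: a flow-insensitive AST scan that flags os.popen/os.system and subprocess calls with shell=True whose command argument is an f-string, concatenation, %-format or .format() call, or a variable assigned from one. The sample sources embedded at the bottom are constructed; the first wraps the two lines quoted from rahu.py in a function, the second is the suggested requests-based fix, which contains no shell sink at all.

```python
"""Approximate detector for the shell-command-injection pattern in this issue.

Added example; it is not part of nsepython and only approximates Bandit's
check. It reports shell-spawning calls whose command is built at runtime.
"""
import ast

# Calls that always hand their first argument to a shell.
ALWAYS_SHELL = {"os.popen", "os.system"}
# Calls that spawn a shell only when invoked with shell=True.
SHELL_IF_FLAG = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                 "subprocess.check_output", "subprocess.Popen"}


def dotted_name(node):
    """Return 'os.popen' for the expression os.popen, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def is_dynamic_string(node):
    """True if the expression builds a string from runtime values."""
    if isinstance(node, ast.JoinedStr):  # f-string with at least one {expr}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True  # "a" + b  or  "%s" % b
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(b)
    return False


def spawns_shell(call):
    """Return the sink name if this Call runs its argument through a shell."""
    name = dotted_name(call.func)
    if name in ALWAYS_SHELL:
        return name
    if name in SHELL_IF_FLAG:
        for kw in call.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return name
    return None


def find_shell_injection_sinks(source):
    """Return [(lineno, sink, reason)] for shell sinks fed a dynamically built command."""
    tree = ast.parse(source)
    # Pass 1: names assigned from a dynamically built string (flow-insensitive approximation).
    tainted = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and is_dynamic_string(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: shell sinks whose command argument is dynamic itself or a tainted name.
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        sink = spawns_shell(node)
        if sink is None:
            continue
        cmd = node.args[0]
        if is_dynamic_string(cmd):
            findings.append((node.lineno, sink, "command built by string interpolation"))
        elif isinstance(cmd, ast.Name) and cmd.id in tainted:
            findings.append((node.lineno, sink,
                             f"command variable '{cmd.id}' built by string interpolation"))
    return findings


# Constructed sample: the two lines quoted in the issue, wrapped in a function.
VULNERABLE_SNIPPET = '''
import os
def fetch(encoded_url, curl_headers):
    cmd = f'curl -b cookies.txt "{encoded_url}" {curl_headers}'
    raw = os.popen(cmd).read()
    return raw
'''

# Constructed sample: the issue's suggested fix; no shell is involved.
FIXED_SNIPPET = '''
import requests
def fetch(encoded_url, headers, cookies):
    response = requests.get(encoded_url, headers=headers, cookies=cookies)
    return response.text
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SNIPPET), ("fixed", FIXED_SNIPPET)):
        print(label, find_shell_injection_sinks(src))
```

The taint tracking is deliberately coarse (any assignment of a dynamic string to a name taints that name for the whole module), which is the right trade-off for a linter: it errs toward reporting, and the fix in every case is the same one the issue recommends, namely not to build a shell command at all.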