third_party/WebKit/Tools/Scripts/webkitpy/common/system/executive.py uses subprocess in unsafe manner |
|||||||
Issue descriptionthird_party/WebKit/Tools/Scripts/webkitpy/common/system/executive.py makes heavy usage of subprocess. Most of the time it is in a safe manner (by using p.communicate()) but Executive._run_command_with_teed_output does not. This _run_command_with_teed_output doesn't seem to be used anywhere? --------------------------- tansell@tansell-z620-l2:/fast/chrome/src$ grep -R "_run_command_with_teed_output" third_party/WebKit third_party/WebKit/Tools/Scripts/webkitpy/common/system/executive.py: def _run_command_with_teed_output(self, args, teed_output, **kwargs): Binary file third_party/WebKit/Tools/Scripts/webkitpy/common/system/executive.pyc matches --------------------------- Recommended action; * Removed _run_command_with_teed_output * Change self.popen to be a "call_output" method (like subprocess.check_output) which always uses .communicate
,
May 10 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/141b51fc2b3a3e6ce3cc4566c42bd20a30b86c21 commit 141b51fc2b3a3e6ce3cc4566c42bd20a30b86c21 Author: tansell <tansell@chromium.org> Date: Tue May 10 21:55:11 2016 webkitpy: Remove unused _run_command_with_teed_output This function appears to be unused and it also uses subprocess in an unsafe manner (see http://crbug.com/610613). BUG= 610618 R=jam@chromium.org,qyearsley@chromium.org,dpranke@chromium.org Review-Url: https://codereview.chromium.org/1961223004 Cr-Commit-Position: refs/heads/master@{#392735} [modify] https://crrev.com/141b51fc2b3a3e6ce3cc4566c42bd20a30b86c21/third_party/WebKit/Tools/Scripts/webkitpy/common/system/executive.py
,
May 18 2016
,
May 18 2016
Deprecating component:Blink>LayoutTests, to use label Test=Layout instead. Merging these to component:Blink for the Blink rotation to pick up and re-triage as appropriate.
,
May 23 2016
,
Mar 8 2017
The next action here would be point 2 in the original post: * Change self.popen to be a "call_output" method (like subprocess.check_output) which always uses .communicate
,
Mar 8 2017
You can't change popen() to be a call method like communicate, the whole point is that it's *not* communicate. I.e., that it doesn't block waiting for the subprocess to exit. It may be that there are things calling popen that shouldn't be, but I don't think you can eliminate all uses of popen. We need to be able to talk to long-running processes, and I don't know of another way to do that?
,
Apr 13 2018
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 20 2018
In light of comment 8, going to close this. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by tansell@chromium.org
, May 10 2016The self.popen command is used by a bunch of other code under third_party/WebKit a bunch of the calls are using the stdout/stderr in an unsafe manner. --------------------------- tansell@tansell-z620-l2:/fast/chrome/src$ ack --type=python "popen\(" third_party/WebKit/ third_party/WebKit/Tools/Scripts/webkitpy/tool/commands/rebaseline.py 832: process = self._tool.executive.popen(subprocess_command, stdout=self._tool.executive.PIPE, 995: process = self._tool.executive.popen(command, stdout=self._tool.executive.PIPE, stderr=self._tool.executive.STDOUT) third_party/WebKit/Tools/Scripts/webkitpy/common/system/profiler.py 148: self._perf_process = self._host.executive.popen(cmd) 188: self._profiler_process = self._host.executive.popen(cmd) 208: self._profiler_process = self._host.executive.popen(cmd) third_party/WebKit/Tools/Scripts/webkitpy/common/system/executive_unittest.py 120: executive.popen(command_line('echo', 1), stdout=executive.PIPE).wait() 126: executive.popen(args=command_line('echo', 1), stdout=executive.PIPE).wait() third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/servers/apache_http.py 139: self._process = self._executive.popen(self._start_cmd) 166: proc = self._executive.popen([self._port_obj.path_to_apache(), third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/servers/server_base.py 166: self._process = self._executive.popen(self._start_cmd, third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/bisect_test_ordering.py 151: output = self.executive.popen([path_to_run_webkit_tests, '--child-processes', '1', '--order', 'none', '--no-retry', third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/port/base.py 1133: self._helper = self._executive.popen([helper_path], third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/port/server_process.py 140: self._proc = self._host.executive.popen(self._cmd, stdin=self._host.executive.PIPE, third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/port/android.py 733: self._perf_process = self._host.executive.popen(cmd) 946: self._port.host.executive.popen(self._android_commands.adb_command() + ['shell', MD5SUM_DEVICE_PATH, device_file], 949: self._port.host.executive.popen(args=['%s_host' % self._md5sum_path, host_file], third_party/WebKit/Tools/Scripts/webkitpy/w3c/deps_updater.py 167: proc = self.executive.popen(cmd, stdout=self.executive.PIPE, stderr=self.executive.PIPE) ---------------------------