From 60c687e9cd5b50b27bb1058ba9cc962d60e51974 Mon Sep 17 00:00:00 2001
From: Hai Shi <shihai1992@gmail.com>
Date: Fri, 17 Mar 2017 16:53:26 +0800
Subject: [PATCH] Avoid shell=True in subprocess

'shell=True' has a potential security danger, so
we need avoid this usage.

Refs:
[1] https://security.openstack.org/guidelines/dg_avoid-shell-true.html

Change-Id: I095e69c70f82467211a63323530a0b1753c5b952
Closes-Bug: #1508103
---
 rally/plugins/workload/siege.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rally/plugins/workload/siege.py b/rally/plugins/workload/siege.py
index b983e88f..9b245b74 100644
--- a/rally/plugins/workload/siege.py
+++ b/rally/plugins/workload/siege.py
@@ -46,8 +46,9 @@ def generate_urls_list(instances):
 def run():
     instances = list(get_instances())
     urls = generate_urls_list(instances)
-    out = subprocess.check_output("siege -q -t 60S -b -f %s" % urls,
-                                  shell=True, stderr=subprocess.STDOUT)
+    out = subprocess.check_output(
+        ["siege", "-q", "-t", "60S", "-b", "-f", urls],
+        stderr=subprocess.STDOUT)
     for line in out.splitlines():
         m = SIEGE_RE.match(line)
         if m: