A-Tune-Collector/CVE-2024-24897.patch
zhoupengcheng 3f27eeffd4 fix CVE-2024-24897
(cherry picked from commit 588032f3067f01aef49ee2583888370cae015517)
2024-03-12 17:15:16 +08:00


From c59e9b4dd509a456fb1fedb50cc7ff9ef7ad55f9 Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Mon, 11 Mar 2024 19:05:07 +0800
Subject: [PATCH] preventing possible Shell command injection
---
atune_collector/plugin/monitor/process/sched.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/atune_collector/plugin/monitor/process/sched.py b/atune_collector/plugin/monitor/process/sched.py
index 0fadeba..82e6d9f 100644
--- a/atune_collector/plugin/monitor/process/sched.py
+++ b/atune_collector/plugin/monitor/process/sched.py
@@ -68,8 +68,9 @@ class ProcSched(Monitor):
raise err
for app in self.__applications:
- pid = subprocess.getoutput(
- "ps -A | grep {} | awk '{{print $1}}'".format(app)).split()
+ pid = subprocess.getoutput("ps -A")
+ app_processes = [line for line in pid.split('\n') if app in line]
+ pid = [line.split()[0] for line in app_processes]
app_pid_flag = True if pid else False
proc_flag.append(app_pid_flag)
if pid:
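Review bot: The filter `app in line` on the second added line tests the whole `ps -A` row, so an application name that is a substring of the header or of the PID, TTY or TIME columns still matches, and `line.split()[0]` can then yield the literal `PID` or the id of an unrelated process. Restricting the comparison to the command column would avoid that, for example `rows = [l.split(None, 3) for l in pid.splitlines()[1:]]` followed by `pid = [r[0] for r in rows if len(r) == 4 and app in r[3]]`. `subprocess.getoutput` still starts a shell for the now-constant string and runs once per application inside the loop; `subprocess.run(["ps", "-A"], capture_output=True, text=True).stdout` hoisted above the `for` would drop both the shell and the repeated call. The enclosing method starts before and continues past this hunk, so how the collected ids are used after `if pid:` is not visible here.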
--
2.33.0