apollo_network: broadcast network stress test draft #8303
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
Contributor
Author
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
![semgrep-code-starkware-libs[bot]](https://avatars.githubusercontent.com/u/59333826?s=60&v=4){kind=small}
| try: | ||
| result = subprocess.run( | ||
| cmd, | ||
| shell=True, |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.
To resolve this comment:
✨ Commit Assistant fix suggestion
Suggested change
| shell=True, | |
| shell=False, |
View step-by-step instructions
- Change the value of the
shellparameter fromTruetoFalsein thesubprocess.runcall. - Change the
cmdargument from a single string to a list of command arguments. Break up the string at spaces and make each part an element of the list. For example,cmd = ["cargo", "run", "--bin", "get_peer_id_from_secret_key", secret_key]. - Pass this list directly to
subprocess.run()as the first argument.
This prevents the shell from interpreting the command and reduces the risk of shell injection attacks.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by subprocess-shell-true.
You can view more details about this finding in the Semgrep AppSec Platform.
|
Benchmark movements: No major performance changes detected. |
sirandreww-starkware
force-pushed
the
graphite-base/8303
branch
from
d04380c to
61e6485
Compare
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
b24e12f to
30f4a37
Compare
sirandreww-starkware
changed the base branch from
graphite-base/8303
to
07-29-waker-option-instead-of-vec-fix
sirandreww-starkware
changed the base branch from
07-29-waker-option-instead-of-vec-fix
to
graphite-base/8303
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
30f4a37 to
a604cea
Compare
sirandreww-starkware
force-pushed
the
graphite-base/8303
branch
from
61e6485 to
a52944b
Compare
sirandreww-starkware
changed the base branch from
graphite-base/8303
to
07-31-apollo_network_decreased_hearbeat_length_and_history_and_gossip
This was referenced Aug 6, 2025
sirandreww-starkware
changed the base branch from
07-31-apollo_network_decreased_hearbeat_length_and_history_and_gossip
to
graphite-base/8303
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
a604cea to
f9b196a
Compare
sirandreww-starkware
force-pushed
the
graphite-base/8303
branch
from
a52944b to
8f65443
Compare
sirandreww-starkware
changed the base branch from
graphite-base/8303
to
07-30-apollo_network_turned_off_flood_publish_in_gossipsub
sirandreww-starkware
force-pushed
the
graphite-base/8303
branch
from
1dd11f1 to
5d2213f
Compare
sirandreww-starkware
changed the base branch from
graphite-base/8303
to
25-sep-17-broadcast-network-stress-test-1
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
8a0c365 to
ed57747
Compare
sirandreww-starkware
changed the base branch from
25-sep-17-broadcast-network-stress-test-1
to
graphite-base/8303
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
ed57747 to
5ee188a
Compare
sirandreww-starkware
force-pushed
the
graphite-base/8303
branch
from
5d2213f to
1677cf0
Compare
sirandreww-starkware
changed the base branch from
graphite-base/8303
to
25-sep-29-bnst-metrics
This was referenced Sep 30, 2025
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
5ee188a to
a1645a3
Compare
This was referenced Oct 15, 2025
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
a1645a3 to
d97f628
Compare
sirandreww-starkware
force-pushed
the
25-sep-29-bnst-metrics
branch
from
00dcd1d to
d6d6346
Compare
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
4 times, most recently
from
735f358 to
9024760
Compare
sirandreww-starkware
force-pushed
the
25-sep-29-bnst-metrics
branch
from
d6d6346 to
4f96406
Compare
sirandreww-starkware
force-pushed
the
25-sep-29-bnst-metrics
branch
from
4f96406 to
5827ce7
Compare
sirandreww-starkware
force-pushed
the
07-29-apollo-network-broadcast-network-stress-test-draft
branch
from
9024760 to
92c87f1
Compare
This was referenced Nov 12, 2025
Draft
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.