Skip to content

Replace deprecated os.popen() call with Python's built-in file handling #865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Edu92337 wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Replace deprecated os.popen() call with Python's built-in file handling #865

Edu92337 wants to merge 1 commit into from

Conversation

@Edu92337
Copy link

@Edu92337 Edu92337 commented Jan 14, 2026

Description

This PR refactors the CPU serial reading logic in tools_views.py to use Python's native file I/O instead of the deprecated os.popen() function.

What changed:

  • Replaced os.popen("cat /proc/cpuinfo | grep Serial") with direct file reading using open()
  • Removed dependency on external shell commands (cat, grep)
  • Removed unused import os
  • Maintained identical behavior and error handling

Why this change:

  • os.popen() has been deprecated since Python 2.6
  • Eliminates unnecessary shell spawning, improving security posture for entropy generation
  • Removes dependency on external binaries that may not exist in all environments
  • Direct file I/O is more performant (avoids spawning shell and piped processes)
  • Follows modern Python best practices for reading procfs files

Security context:
Since this code is part of the entropy generation pathway for seed creation in a Bitcoin hardware wallet, eliminating any shell interaction—even with static strings—reduces the attack surface and follows defense-in-depth principles.

This pull request is categorized as a:

  • New feature
  • Bug fix
  • Code refactor
  • Documentation
  • Other

Checklist

  • I've run pytest and made sure all unit tests pass before submitting the PR

If you modified or added functionality/workflow, did you add new unit tests?

  • No, I'm a fool
  • Yes
  • N/A (refactor maintains identical behavior, existing tests should cover this)

I have tested this PR on the following platforms/os:

  • Raspberry Pi OS Manual Build
  • SeedSigner OS on a Pi0/Pi0W board
  • Other: Local development environment with /proc/cpuinfo verification

Testing methodology:

  • Verified Python syntax compiles without errors
  • Code review confirms identical logic for extracting Serial field
  • Fallback behavior (hash_bytes = b'0') preserved on exceptions

Note: No existing unit tests cover this specific code path (image entropy generation). The refactor maintains identical behavior, so existing integration should work unchanged. I don't currently have access to physical Raspberry Pi hardware, but happy to work with maintainers who have hardware access to validate before merging.

Fixes #856

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Harden: Replace os.popen with Python file handling in tools_views.py

1 participant

@Edu92337