alibabacloud-sas-multiaccount-manage
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The scripts accounts.py, baseline.py, and vuln.py interact with the Alibaba Cloud environment by executing the official aliyun CLI. These commands are used to fetch account metadata and trigger the generation of security reports. The use of subprocess and asyncio.subprocess with argument lists ensures safe execution and prevents shell injection.
- [EXTERNAL_DOWNLOADS]: The baseline.py and vuln.py scripts download security reports (baselines and vulnerabilities) from Alibaba Cloud endpoints. These downloads are performed using the standard urllib library and target URLs dynamically generated by the official Alibaba Cloud SAS API.
Audit Metadata