Avoid spawning a shell when spawning subprocess for git

3YOURMIND / django-migration-linter

:rocket: Detect backward incompatible migrations for your django project

https://pypi.python.org/pypi/django-migration-linter/

Apache License 2.0

514 stars 56 forks source link

Avoid spawning a shell when spawning subprocess for git #278

Closed lieryan closed 4 months ago

lieryan commented 5 months ago

This avoids security shenanigans that can come if your git-commit-id may come from potentially untrusted source (e.g. a build/linter service's API), an attacker could trick the build system to run lint commands like:

./manage.py lintmigrations --git-commit-id '; rm -rf dangerous'

or perhaps a malicious project may set a config like and told you to run lintmigrations:

[tool.django_migration_linter]
git_commit_id = "; rm -rf dangerous"

codecov-commenter commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (fff081f) 96.47% compared to head (0ccacaa) 96.47%.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #278 +/- ## ======================================= Coverage 96.47% 96.47% ======================================= Files 66 66 Lines 1191 1191 ======================================= Hits 1149 1149 Misses 42 42 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

David-Wobrock commented 4 months ago

Nice, thank you very much @lieryan 🙏