Closed Swisk closed 1 year ago
Congratulations on your first Pull Request and welcome to Amundsen community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/amundsen-io/amundsen/blob/main/CONTRIBUTING.md)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This issue has been automatically closed for inactivity. If you still wish to make these changes, please open a new pull request or reopen this one.
Description
By using shell=true in the subprocess command, there is a potential shell injection vulnerability. (see https://docs.python.org/3/library/subprocess.html#security-considerations)
Since the intention is merely to run a new process, and not take advantage of shell expansion or other tricks, there is no reason to run the subprocess in a new shell. Instead, we can provide the necessary arguments in a list and achieve the same result.
Motivation and Context
How Has This Been Tested?
The new subprocess.check_call commands were tested manually in an interactive python window, and compared to the old command. We verified that the output of the command was the same in both cases.
Documentation
CheckList