Merge pull request #6 from CMCC-Foundation/no-shell

Adding #nosec to trusted subprocess lines

Author: atakeigor

main.py

@@ -367,8 +367,8 @@ def run_medslik_sim(self, simdir, simname, separate_slicks=False):
             # Compile and start running (replacing `cd` with `cwd`)
             compile_script = "MODEL_SRC/compile.sh"
             run_script = "RUN.sh"
-            subprocess.run(["sh", compile_script], check=True, cwd=os.path.join(model_dir, "RUN"))
-            subprocess.run(["./" + run_script], check=True, cwd=os.path.join(model_dir, "RUN"))
+            subprocess.run(["sh", compile_script], check=True, cwd=os.path.join(model_dir, "RUN")) # nosec
+            subprocess.run(["./" + run_script], check=True, cwd=os.path.join(model_dir, "RUN")) # nosec
 
         else:
             # Handle separate slicks
@@ -391,8 +391,8 @@ def run_medslik_sim(self, simdir, simname, separate_slicks=False):
                 # Compile and start running
                 compile_script = "MODEL_SRC/compile.sh"
                 run_script = "RUN.sh"
-                subprocess.run(["sh", compile_script], check=True, cwd=os.path.join(model_dir, "RUN"))
-                subprocess.run(["./" + run_script], check=True, cwd=os.path.join(model_dir, "RUN"))
+                subprocess.run(["sh", compile_script], check=True, cwd=os.path.join(model_dir, "RUN")) # nosec
+                subprocess.run(["./" + run_script], check=True, cwd=os.path.join(model_dir, "RUN")) # nosec
 
         # Copy output files (replacing `cp -r`)
         output_dest = os.path.join(simdir, simname, "out_files")

src/plot/plot_mdk3.py

@@ -181,7 +181,7 @@ def create_gif(self):
                     {self.out_figures}/oil_concentration_{self.config['simulation']['name']}.gif"
             ],
             # shell=True,
-        )
+        ) # nosec
 
     def plot_pyngl(
         self,
@@ -210,7 +210,7 @@ def plot_pyngl(
             ],
             # shell=True,
             check=True,
-        )
+        ) # nosec
 
 
 if __name__ == "__main__":