Skip to content

Security: Dangerous use of dynamic content in process spawning (audit finding) #574

Description

@sourcery-ai

A security audit has flagged the use of dynamic content when spawning a process in the codebase (source: opengrep). This pattern is dangerous if any external data can reach the process-spawning function, as it could allow a malicious actor to execute arbitrary commands. While this is currently in experimental code and not an immediate concern, it should be addressed before moving out of the experimental phase.

Action items:

  • Review all instances where processes are spawned with dynamic content.
  • Ensure that no external or untrusted data can reach these function calls.
  • Consider using safer alternatives (e.g., passing arguments as a list, using subprocess.run with shell=False, or sanitizing inputs).
  • Add comments or documentation to clarify the security considerations in these areas.

Please prioritize this before the experimental code is promoted to production or wider use.


I created this issue for @ItsSimko from #563 (comment).

Tips and commands

Getting Help

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions