A security audit has flagged the use of dynamic content when spawning a process in the codebase (source: opengrep). This pattern is dangerous if any external data can reach the process-spawning function, as it could allow a malicious actor to execute arbitrary commands. While this is currently in experimental code and not an immediate concern, it should be addressed before moving out of the experimental phase.
Action items:
- Review all instances where processes are spawned with dynamic content.
- Ensure that no external or untrusted data can reach these function calls.
- Consider using safer alternatives (e.g., passing arguments as a list, using subprocess.run with
shell=False, or sanitizing inputs).
- Add comments or documentation to clarify the security considerations in these areas.
Please prioritize this before the experimental code is promoted to production or wider use.
I created this issue for @ItsSimko from #563 (comment).
Tips and commands
Getting Help
A security audit has flagged the use of dynamic content when spawning a process in the codebase (source: opengrep). This pattern is dangerous if any external data can reach the process-spawning function, as it could allow a malicious actor to execute arbitrary commands. While this is currently in experimental code and not an immediate concern, it should be addressed before moving out of the experimental phase.
Action items:
shell=False, or sanitizing inputs).Please prioritize this before the experimental code is promoted to production or wider use.
I created this issue for @ItsSimko from #563 (comment).
Tips and commands
Getting Help