fix: validate command input to prevent execution of untrusted input#2336
fix: validate command input to prevent execution of untrusted input#2336vikassaini77 wants to merge 10 commits into
Conversation
@vikassaini77 mind sign it pls otherwise there is nothing I can do to land it... 🦝 |
There was a problem hiding this comment.
Pull request overview
This PR hardens the examples/time_in_zone streaming helper by adding an allowlist check before executing external commands, reducing the risk of running unexpected executables when run_command() is called.
Changes:
- Added an allowlist (
docker,ffmpeg) validation inrun_command()before invokingsubprocess.run. - Replaced the prior “TODO validate command input” note with a concrete validation step.
| allowed_commands = ["docker", "ffmpeg"] | ||
| if not command or command[0] not in allowed_commands: | ||
| raise ValueError( | ||
| f"Command '{command[0] if command else ''}' is not allowed. Only {allowed_commands} are permitted." | ||
| ) |
|
@vikassaini77 pls follow the contribution guidelines. In particular, it means you shall write PR description why it does and how it fixes or improves this package, even I see based on your changes a value in your contribution 🦝 |
Codecov Report❌ Patch coverage is ❌ Your patch check has failed because the patch coverage (40%) is below the target coverage (95%). You can increase the patch coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## develop #2336 +/- ##
=======================================
- Coverage 81% 81% -0%
=======================================
Files 66 66
Lines 9077 9127 +50
=======================================
+ Hits 7377 7378 +1
- Misses 1700 1749 +49 🚀 New features to boost your workflow:
|
Before submitting
Description
Type of Change
Motivation and Context
Closes #(issue)
Changes Made
Testing
Google Colab (optional)
Colab link:
Screenshots/Videos (optional)
Additional Notes