Restrict invoking subprocess.run via an internal API #514

Open
@behnazh-w

Description

We need to manage and restrict the environment passed to the subprocess.run invocation by creating an internal API. We need to create an allow list for the env argument to prevent the subprocess from accessing sensitive data, such as GitHub tokens. We can also make sure that the dangerous argument shell=True is never used.
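
A sketch of the kind of wrapper this issue asks for, added here as an example and not taken from the project's code. The names `run_restricted`, `filtered_env` and `ALLOWED_ENV_VARS`, and the contents of the allow list, are assumptions.

```python
import os
import subprocess

# Assumed allow list: only what a typical child tool needs. Anything not named
# here (GITHUB_TOKEN, cloud credentials, ...) never reaches the child process.
ALLOWED_ENV_VARS = frozenset({"PATH", "HOME", "LANG", "LC_ALL", "TMPDIR", "SYSTEMROOT"})


def filtered_env(source=None, extra=None):
    """Return a new dict holding only allow-listed variables.

    source defaults to os.environ; extra lets a caller set allow-listed
    variables explicitly and is rejected if it names anything else.
    """
    source = os.environ if source is None else source
    env = {key: value for key, value in source.items() if key in ALLOWED_ENV_VARS}
    for key, value in (extra or {}).items():
        if key not in ALLOWED_ENV_VARS:
            raise ValueError(f"environment variable {key!r} is not on the allow list")
        env[key] = value
    return env


def run_restricted(args, *, extra_env=None, **kwargs):
    """Hypothetical internal replacement for direct subprocess.run calls."""
    if kwargs.pop("shell", False):
        raise ValueError("shell=True is not permitted")
    if "env" in kwargs:
        # Callers cannot hand over a raw environment; it is always rebuilt.
        raise ValueError("use extra_env; env is built from the allow list")
    if isinstance(args, (str, bytes)) or not args:
        # A single string only makes sense with a shell, so require a list.
        raise TypeError("args must be a non-empty sequence of arguments")
    return subprocess.run(
        list(args), env=filtered_env(extra=extra_env), shell=False, **kwargs
    )
```

For the restriction to hold, direct `subprocess` calls elsewhere in the code base would also need to be flagged, for example by a lint rule.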

Labels: code quality (The code quality related tasks)