Skip to content

[flake8-bandit] Stabilize more trusted inputs in subprocess-without-shell-equals-true (S603) #18521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 8, 2025
Merged

[flake8-bandit] Stabilize more trusted inputs in subprocess-without-shell-equals-true (S603) #18521

merged 2 commits into from
Jun 8, 2025

Conversation

@dylwil3
Copy link
Collaborator

@dylwil3 dylwil3 commented Jun 6, 2025

No description provided.

@dylwil3 dylwil3 added the rule Implementing or modifying a lint rule label Jun 6, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jun 6, 2025

ruff-ecosystem results

Linter (stable)

ℹ️ ecosystem check detected linter changes. (+2 -80 violations, +0 -0 fixes in 6 projects; 49 projects unchanged)

apache/airflow (+0 -59 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --no-preview --select ALL

- airflow-core/src/airflow/cli/commands/dag_command.py:207:14: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:146:30: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:152:23: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:157:23: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:165:25: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:173:25: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/main_command.py:140:26: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/main_command.py:186:27: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/setup_commands.py:151:13: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/setup_commands.py:153:17: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/utils/reinstall.py:43:21: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/utils/reinstall.py:50:23: S603 `subprocess` call: check for execution of untrusted input
- kubernetes-tests/tests/kubernetes_tests/test_base.py:127:19: S603 `subprocess` call: check for execution of untrusted input
- kubernetes-tests/tests/kubernetes_tests/test_base.py:206:21: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_gcs_task_handler_system.py:78:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_gcs_task_handler_system.py:79:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:67:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:68:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:83:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:84:20: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:62:14: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:78:11: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:87:7: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_kubeconform.py:30:13: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_kubeconform.py:42:10: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_min_python_version.py:34:9: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_fab_assets.py:83:18: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_fab_assets.py:95:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:35:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:36:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:39:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:40:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:41:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:44:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:46:5: S603 `subprocess` call: check for execution of untrusted input
... 24 additional changes omitted for project

apache/superset (+2 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --no-preview --select ALL

+ scripts/change_detector.py:148:65: RUF100 [*] Unused `noqa` directive (unused: `S603`)
+ setup.py:33:73: RUF100 [*] Unused `noqa` directive (unused: `S603`)

bokeh/bokeh (+0 -9 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --no-preview --select ALL

- examples/output/apis/server_document/flask_server.py:45:17: S603 `subprocess` call: check for execution of untrusted input
- scripts/hooks/protect_branches.py:10:22: S603 `subprocess` call: check for execution of untrusted input
- setup.py:127:20: S603 `subprocess` call: check for execution of untrusted input
- setup.py:52:16: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_code_quality.py:118:13: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_eslint.py:37:12: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_no_request_host.py:50:13: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_ruff.py:33:12: S603 `subprocess` call: check for execution of untrusted input
- tests/test_bokehjs.py:34:16: S603 `subprocess` call: check for execution of untrusted input

rotki/rotki (+0 -1 violations, +0 -0 fixes) 

- rotkehlchen/tests/unit/test_search.py:60:21: S603 `subprocess` call: check for execution of untrusted input

yandex/ch-backup (+0 -1 violations, +0 -0 fixes) 

- images/clickhouse/entrypoint.py:21:5: S603 `subprocess` call: check for execution of untrusted input

zulip/zulip (+0 -10 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --no-preview --select ALL

- scripts/lib/check_rabbitmq_queue.py:149:26: S603 `subprocess` call: check for execution of untrusted input
- scripts/lib/puppet_cache.py:25:30: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/provision.py:271:16: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/provision_inner.py:109:14: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/test_script.py:125:5: S603 `subprocess` call: check for execution of untrusted input
- zerver/data_import/mattermost.py:398:12: S603 `subprocess` call: check for execution of untrusted input
- zerver/lib/test_fixtures.py:344:5: S603 `subprocess` call: check for execution of untrusted input
- zerver/logging_handlers.py:8:16: S603 `subprocess` call: check for execution of untrusted input
- zerver/management/commands/compilemessages.py:76:18: S603 `subprocess` call: check for execution of untrusted input
- zerver/management/commands/makemessages.py:241:21: S603 `subprocess` call: check for execution of untrusted input

Changes by rule (2 rules affected)

code total + violation - violation + fix - fix
S603 80 0 80 0 0
RUF100 2 2 0 0 0

Linter (preview)

✅ ecosystem check detected no linter changes.

@dylwil3 dylwil3 added this to the v0.12 milestone Jun 6, 2025
@dylwil3 dylwil3 merged commit 815e336 into brent/release-0.12.0 Jun 8, 2025
34 checks passed
@dylwil3 dylwil3 deleted the dylan/stabilize-trusted-inputs branch June 8, 2025 18:07
@dylwil3 dylwil3 mentioned this pull request Jun 8, 2025
Merged
2 tasks
ntBre pushed a commit that referenced this pull request Jun 8, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
784d0fd 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 8, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
a71a091 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 9, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
e07f352 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 10, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
964c7b3 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 11, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
38fdd20 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 17, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
3ff74b7 
…t-shell-equals-true` (`S603`) (#18521)
ntBre pushed a commit that referenced this pull request Jun 17, 2025
@dylwil3 @ntBre
[flake8-bandit] Stabilize more trusted inputs in `subprocess-withou…
00e9de8 
…t-shell-equals-true` (`S603`) (#18521)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ntBre ntBre ntBre approved these changes

Assignees

No one assigned

Labels

rule Implementing or modifying a lint rule

Projects

None yet

Milestone

v0.12

Development

Successfully merging this pull request may close these issues.

3 participants

@dylwil3 @ntBre