oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

security: fix critical vulnerabilities and add security report

Browse Source 
- Fix CVE-2025-8869 and CVE-2026-1703: upgrade pip to 26.0+
- Fix MD5 hash usage: replace with SHA-256 in KYC/AML providers
- Fix subprocess shell injection: remove shell=True option
- Add comprehensive security vulnerability report
- Reduce critical vulnerabilities from 8 to 0
- Address high-severity code security issues
This commit is contained in:
aitbc
2026-04-02 23:04:49 +02:00
parent b61843c870
commit 08f3253e4e
3 changed files with 207 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cli/utils/subprocess.py
View File

@@ -6,13 +6,9 @@ from . import error, output
def run_subprocess(cmd: List[str], check: bool = True, capture_output: bool = True, shell: bool = False, **kwargs: Any) -> Optional[Union[str, subprocess.CompletedProcess]]:
"""Run a subprocess command safely with logging"""
try:
if shell:
# When shell=True, cmd should be a string
cmd_str = " ".join(cmd) if isinstance(cmd, list) else cmd
result = subprocess.run(cmd_str, shell=True, check=check, capture_output=capture_output, text=True, **kwargs)
else:
result = subprocess.run(cmd, check=check, capture_output=capture_output, text=True, **kwargs)
# Always use shell=False for security
result = subprocess.run(cmd, check=check, capture_output=capture_output, text=True, shell=False, **kwargs)
if capture_output:
return result.stdout.strip()
return result