08f3253e4e
- Fix CVE-2025-8869 and CVE-2026-1703: upgrade pip to 26.0+ - Fix MD5 hash usage: replace with SHA-256 in KYC/AML providers - Fix subprocess shell injection: remove shell=True option - Add comprehensive security vulnerability report - Reduce critical vulnerabilities from 8 to 0 - Address high-severity code security issues
28 lines
1.1 KiB
Python
28 lines
1.1 KiB
Python
import subprocess
|
|
import sys
|
|
from typing import List, Optional, Union, Any
|
|
from . import error, output
|
|
|
|
def run_subprocess(cmd: List[str], check: bool = True, capture_output: bool = True, shell: bool = False, **kwargs: Any) -> Optional[Union[str, subprocess.CompletedProcess]]:
|
|
"""Run a subprocess command safely with logging"""
|
|
try:
|
|
# Always use shell=False for security
|
|
result = subprocess.run(cmd, check=check, capture_output=capture_output, text=True, shell=False, **kwargs)
|
|
|
|
if capture_output:
|
|
return result.stdout.strip()
|
|
return result
|
|
|
|
except subprocess.CalledProcessError as e:
|
|
error(f"Command failed with exit code {e.returncode}")
|
|
if capture_output and getattr(e, 'stderr', None):
|
|
print(e.stderr, file=sys.stderr)
|
|
if check:
|
|
sys.exit(e.returncode)
|
|
return getattr(e, 'stdout', None) if capture_output else None
|
|
except Exception as e:
|
|
error(f"Failed to execute command: {e}")
|
|
if check:
|
|
sys.exit(1)
|
|
return None
|