Jit - Scan Code for Vulnerabilities Test

[jit-ci]

No description provided.

[jit-ci]

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed below as a comment.
It’s highly recommended that you fix this security issue before merge.

[jit-ci]

Security control: Static Code Analysis Python Semgrep

Type: Python.Lang.Security.Audit.Subprocess-Shell-True.Subprocess-Shell-True

Description: Found 'subprocess' function 'Popen' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.

Severity: HIGH

Learn more about this issue

---

Fix suggestion:

This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.

Suggestion guidelines

Use 'shell=False' instead

Suggested change

	call_process = subprocess.Popen(['ls', '-l'], shell=True)
	call_process = subprocess.Popen(['ls', '-l'], shell=False)

---

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

• #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
• #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
• #jit_ignore_type_in_file Ignore any finding of type "python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" in jit_code_vulnerability_test_file.py; future occurrences will also be ignored.
• #jit_undo_ignore Undo ignore command