mirror of
https://github.com/denizsafak/abogen.git
synced 2026-07-18 13:40:27 +02:00
feat: Enhance security by adding user permissions in Dockerfile, parameterized queries in pronunciation_store, and secure filename handling in routes
This commit is contained in:
@@ -327,6 +327,9 @@ def create_process(cmd, stdin=None, text=True, capture_output=False):
|
||||
|
||||
# Determine shell usage: use shell only for string commands
|
||||
use_shell = isinstance(cmd, str)
|
||||
if use_shell:
|
||||
logger.warning("Security Warning: create_process called with string command. Prefer using a list of arguments to avoid shell injection risks.")
|
||||
|
||||
kwargs = {
|
||||
"shell": use_shell,
|
||||
"stdout": subprocess.PIPE,
|
||||
|
||||
Reference in New Issue
Block a user