feat: Enhance security by adding user permissions in Dockerfile, parameterized queries in pronunciation_store, and secure filename handling in routes

This commit is contained in:
JB
2025-11-28 13:19:53 -08:00
parent 39628453de
commit ad70c630c7
6 changed files with 34 additions and 3 deletions
+3
View File
@@ -327,6 +327,9 @@ def create_process(cmd, stdin=None, text=True, capture_output=False):
# Determine shell usage: use shell only for string commands
use_shell = isinstance(cmd, str)
if use_shell:
logger.warning("Security Warning: create_process called with string command. Prefer using a list of arguments to avoid shell injection risks.")
kwargs = {
"shell": use_shell,
"stdout": subprocess.PIPE,