This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new b5ea529  Make a change suggested by semgrep
b5ea529 is described below

commit b5ea529ef5106cad4a65a273f5ab72753d19386f
Author: Sean B. Palmer <[email protected]>
AuthorDate: Tue Dec 9 17:06:35 2025 +0000

    Make a change suggested by semgrep
---
 .pre-commit-heavy.yaml | 7 +++----
 atr/ssh.py             | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.pre-commit-heavy.yaml b/.pre-commit-heavy.yaml
index 682db2d..38c7677 100644
--- a/.pre-commit-heavy.yaml
+++ b/.pre-commit-heavy.yaml
@@ -28,17 +28,16 @@ repos:
         - --config=p/secrets
         - --config=p/security-audit
         - --config=p/sql-injection
-        # - --config=r/python.lang.security.audit.dangerous-asyncio-shell-audit
         - --disable-version-check
         - --error
         - 
--exclude-rule=generic.html-templates.security.var-in-href.var-in-href
         - --exclude-rule=html.security.plaintext-http-link.plaintext-http-link
         - 
--exclude-rule=python.flask.security.xss.audit.template-unescaped-with-safe.template-unescaped-with-safe
-        - 
--exclude-rule=python.lang.security.use-defused-xml-parse.use-defused-xml-parse
-        - --exclude-rule=python.lang.security.use-defused-xml.use-defused-xml
-        - 
--exclude-rule=python.lang.security.audit.dangerous-asyncio-create-exec-audit.dangerous-asyncio-create-exec-audit
         - 
--exclude-rule=python.lang.security.audit.dangerous-annotations-usage.dangerous-annotations-usage
+        - 
--exclude-rule=python.lang.security.audit.dangerous-asyncio-create-exec-audit.dangerous-asyncio-create-exec-audit
         - 
--exclude-rule=python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
+        - 
--exclude-rule=python.lang.security.use-defused-xml-parse.use-defused-xml-parse
+        - --exclude-rule=python.lang.security.use-defused-xml.use-defused-xml
         - --exclude=migrations/versions/0027_2025.09.08_69e565eb.py
         - --metrics=off
         - --quiet
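Review bot: The `--exclude-rule` entries that this hunk reorders still carry no rationale, and two of them (`dangerous-asyncio-create-exec-audit` and `dangerous-subprocess-use-audit`) silence exactly the audit that would examine the `create_subprocess_exec(*argv)` call introduced in `atr/ssh.py` by this commit. A short comment above each exclusion would help, for example `# excluded: argv is validated before exec in atr/ssh.py`, if that is in fact the reason, so a later reader can tell a deliberate waiver from a leftover. The deleted commented-out `dangerous-asyncio-shell-audit` line may also be worth a second look. If the `p/security-audit` pack does not already include that rule, enabling it would stop `create_subprocess_shell` from being reintroduced; the pack's contents are not visible here.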
diff --git a/atr/ssh.py b/atr/ssh.py
index c9e97a1..820862a 100644
--- a/atr/ssh.py
+++ b/atr/ssh.py
@@ -552,8 +552,8 @@ async def 
_step_07c_ensure_release_object_for_write(project_name: str, version_n
 async def _step_08_execute_rsync(process: asyncssh.SSHServerProcess, argv: 
list[str]) -> int:
     """Execute the modified rsync command."""
     log.info(f"Executing modified rsync command: {' '.join(argv)}")
-    proc = await asyncio.create_subprocess_shell(
-        " ".join(argv),
+    proc = await asyncio.create_subprocess_exec(
+        *argv,
         stdin=asyncio.subprocess.PIPE,
         stdout=asyncio.subprocess.PIPE,
         stderr=asyncio.subprocess.PIPE,
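Review bot: Switching to `create_subprocess_exec(*argv)` removes shell interpretation, but every element of `argv` still reaches rsync unchanged, so an option-shaped element supplied by the SSH client would still be honoured unless an earlier step restricts the argument list. That validation is outside this hunk, so it is worth confirming and recording in the docstring, e.g. `"""Execute the modified rsync command; argv must already be validated."""`. The log line above still uses `' '.join(argv)`, which loses argument boundaries now that elements are passed literally. `log.info(f"Executing modified rsync command: {shlex.join(argv)}")` keeps the audit record unambiguous, assuming `shlex` is imported. An empty `argv` now raises `TypeError` at the call rather than running an empty shell command, so a guard such as `if not argv: raise ValueError("empty rsync argv")` would make that failure explicit. The function body continues past the end of the hunk.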

