Skip to content

feat: [CLI-194] hardening subprocess logic #277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: [CLI-194] hardening subprocess logic #277

wants to merge 2 commits into from

Conversation

dotkas
Copy link
Contributor

@dotkas dotkas commented Aug 7, 2025
edited
Loading

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Adds some extra hardening of the subprocess logic and adds better practices of not spawning things in a shell where avoidable.

Where should the reviewer start?

The subprocess file.

How should this be manually tested?

Basically as stated in the previous PR.

Any background context you want to provide?

Earlier we added a larger changeset that bumped shescape and handled the breaking changes this entailed. In the mean time we've become a bit wiser on how this works, and thus this PR adds more security hardening of the logic that spawns the subprocesses.

What are the relevant tickets?

https://snyksec.atlassian.net/browse/CLI-1049

Screenshots

N/A

Additional questions

I don't think the failing tests are my PR. All other PRs in the list (like this) sees the same failures.

@dotkas dotkas requested a review from a team as a code owner August 7, 2025 18:39
@snyk-io Snyk.io
Copy link

snyk-io bot commented Aug 7, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

code/snyk check is complete. No issues have been found. (View Details)

@dotkas dotkas mentioned this pull request Aug 13, 2025
Draft
3 tasks
@dotkas dotkas force-pushed the dotkas/CLI-194/add-extra-shescape-hardening branch from d676080 to 1a4b671 Compare August 13, 2025 11:05
@dotkas dotkas requested a review from a team as a code owner August 13, 2025 11:05
@dotkas dotkas enabled auto-merge (squash) August 13, 2025 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orsagie orsagie orsagie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dotkas @orsagie