Merge pull request #35483 from Packeting1/fix/secure-git-call-changelog

fix: avoid shell in changelog git calls
Akhil Narang 2025-12-29 13:45:56 +05:30 committed by GitHub
commit bc94ef1381
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -136,8 +136,8 @@ def get_app_branch(app):
try:
with open(os.devnull, "wb") as null_stream:
result = subprocess.check_output(
f"cd ../apps/{app} && git rev-parse --abbrev-ref HEAD",
shell=True,
["git", "-C", f"../apps/{app}", "rev-parse", "--abbrev-ref", "HEAD"],
shell=False,
stdin=null_stream,
stderr=null_stream,
)
@ -152,8 +152,8 @@ def get_app_last_commit_ref(app):
try:
with open(os.devnull, "wb") as null_stream:
result = subprocess.check_output(
f"git -C ../apps/{app} rev-parse --short=7 HEAD",
shell=True,
["git", "-C", f"../apps/{app}", "rev-parse", "--short=7", "HEAD"],
shell=False,
stdin=null_stream,
stderr=null_stream,
)
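Review bot: `app` is still interpolated unvalidated into the `-C` path in get_app_branch and again in get_app_last_commit_ref, so a value containing `..` or a path separator would point git at a directory outside `../apps` even though no shell is involved any more. Whether callers already restrict `app` to known app names is not visible in these hunks. If they do not, a guard placed before the `try` would close the gap, for example `if os.path.basename(app) != app or app in ("", ".", ".."): raise ValueError(f"invalid app name: {app!r}")`. The path also depends on the process working directory, which deserves a one-line comment such as `# "../apps" is resolved against the current working directory`. Both function bodies start and end outside the hunks, so the existing exception handling could not be checked.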