fix: prevent OS Command Injection
This commit is contained in:
+4
-2
@@ -418,11 +418,13 @@ def schedule(
|
||||
|
||||
|
||||
def os_open(file: str) -> None:
|
||||
import subprocess
|
||||
|
||||
if os.uname().sysname == "Linux":
|
||||
os.system(f"xdg-open {file}")
|
||||
subprocess.run(["xdg-open", file])
|
||||
else:
|
||||
print(f"Opening file {file}", file=sys.stderr)
|
||||
os.system(f"open {file}")
|
||||
subprocess.run(["open", file])
|
||||
|
||||
|
||||
def extract_players(pdf_file: Path) -> List[str]:
|
||||
|
||||
Reference in New Issue
Block a user