subprocess module call
Medium
- Category
- Dangerous Code Execution
- Content
def fulcra_cli(args: list[str]) -> tuple[int, str]:
    base = os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api")
    try:
        proc = subprocess.run([*shlex.split(base), *args], capture_output=True, text=True, timeout=90)
    except (subprocess.TimeoutExpired, FileNotFoundError) as exc:
        return 1, f"{type(exc).__name__}: {exc}"
    return proc.returncode, proc.stdout if proc.returncode == 0 else proc.stdout + proc.stderr
- Confidence
- 95% confidence
- Finding
- proc = subprocess.run([*shlex.split(base), *args], capture_output=True, text=True, timeout=90)
