(BAN-B602) Detected subprocess `popen` call with shell equals `True`

[moonlightnexus]

Description

Using shell=True can expose you to security risks if someone crafts input to issue different commands than the ones you intended.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/One-Click-Auth/TrustAuthx-Py-SDK/issue/BAN-B602/occurrences/

[moonlightnexus]

Someone Can try it on their local and check if it works properly.

[Just2Deep]

Hey @moonlightnexus , can i try this out?

[moonlightnexus]

@Just2Deep Sure please last time when I checked it on VM linux specifically Debian on ARM It was giving errors.

[Just2Deep]

@moonlightnexus , is there a dummy API_KEYS i can use for installing APP?

raise HTTPError(
requests.exceptions.HTTPError: Request failed with status code : 406
 this code contains a msg : {"detail":"invalid api or secret key"}

[moonlightnexus]

@Just2Deep Why not signup into application with github and use demo account.

[Just2Deep]

@moonlightnexus the basic issue was that we were passing commands as a single string, instead of list of commands(strings). I tested in ubuntu and windows it works as expected in both.

shall a raise a PR?

[moonlightnexus]

@Just2Deep Sure