From 91519e232d1f1cfe19fd13a7a0ac45c80506195c Mon Sep 17 00:00:00 2001
From: Daniel Tomlinson
Date: Thu, 27 Jan 2022 01:42:07 +0000
Subject: [PATCH] refactor: disable spawning a shell on subprocess
---
 csops/run.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/csops/run.py b/csops/run.py
index 6933bae..7533682 100644
--- a/csops/run.py
+++ b/csops/run.py
@@ -8,25 +8,30 @@ from csops._version import __version__
 def encrypt(args):
 encrypted_filename = f"{args.file.stem}.enc{args.file.suffix}"
- subprocess.run(
- "sops --encrypt --gcp-kms "
- f"{CONFIG.gcp_kms_key} {args.file} > {encrypted_filename}",
+ encrypted_contents = subprocess.run(
+ ["sops", "--encrypt", "--gcp-kms", CONFIG.gcp_kms_key, args.file],
 check=True,
 text=True,
- shell=True,
+ shell=False,
+ capture_output=True,
 )
+ with pathlib.Path(encrypted_filename).open("w", encoding="utf-8") as file:
+ file.write(encrypted_contents.stdout)
 print(encrypted_filename)
 raise SystemExit(0)
 def decrypt(args):
 decrypted_filename = f"{args.file.stem.split('.')[0]}{args.file.suffix}"
- subprocess.run(
- f"sops --decrypt {args.file} > {decrypted_filename}",
+ decrypted_contents = subprocess.run(
+ ["sops", "--decrypt", args.file],
 check=True,
 text=True,
- shell=True,
+ shell=False,
+ capture_output=True,
 )
+ with pathlib.Path(decrypted_filename).open("w", encoding="utf-8") as file:
+ file.write(decrypted_contents.stdout)
 print(decrypted_filename)
 raise SystemExit(0)
@@ -35,7 +40,7 @@ def run():
 parser = argparse.ArgumentParser()
 parser.add_argument("flag", type=str, nargs=1)
 parser.add_argument("file", type=pathlib.Path)
- parser.add_argument('-v', '--version', action='version', version='%(prog)s ' + __version__)
+ parser.add_argument("-v", "--version", action="version", version="%(prog)s " + __version__)
 args = parser.parse_args()
 try:
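Review bot: In `decrypt`, the plaintext is written through `pathlib.Path(decrypted_filename).open("w", encoding="utf-8")`, which creates the file with the process's default umask permissions, so decrypted secrets will often be readable by other local users. The new `capture_output=True` with `text=True` also buffers the whole plaintext in memory, decodes and re-encodes it (which can change line endings or fail on non-text payloads), and captures sops' stderr, so its diagnostics are no longer shown unless the `CalledProcessError` handler in `run()`, which lies outside this hunk, prints them. I would open the output file owner-only in binary mode and pass it as `stdout`, as below; this assumes `os` is imported in the module, and the 0o600 mode only takes effect when the file is newly created. The same `stdout=file` approach applies to `encrypt`, where the permission bits matter less because the output is ciphertext.

```python
def decrypt(args):
    decrypted_filename = f"{args.file.stem.split('.')[0]}{args.file.suffix}"
    # Owner-only plaintext; sops writes bytes straight to the file and its
    # stderr stays attached to the terminal.
    fd = os.open(decrypted_filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with open(fd, "wb") as file:
        subprocess.run(
            ["sops", "--decrypt", args.file],
            check=True,
            shell=False,
            stdout=file,
        )
    # … unchanged: print(decrypted_filename) and raise SystemExit(0) …
```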