shivasurya/code-pathfinder

high Dangerous subprocess Usage

scripts/gen_go_modules.py:104

subprocess call detected. Ensure arguments are not user-controlled.

Code

scripts/gen_go_modules.py

101
102def run_go_mod_tidy(directory: Path) -> bool:
103    """Run 'go mod tidy' and return True on success."""
104    result = subprocess.run(
105        ["go", "mod", "tidy"],
106        cwd=directory,
107        capture_output=True,

Dataflow

Source: scripts/gen_go_modules.py:104
Sink: scripts/gen_go_modules.py:104 subprocess.run

Seen on 10 scans

7a21c89 line 104 2026-05-23
7a21c89 line 104 2026-05-23
a7e137f line 104 2026-05-22
8a39ca7 line 104 2026-05-22
181f52c line 104 2026-05-22
91c7b3d line 104· PR #693 2026-05-22
00a5753 line 104 2026-05-22
490d33f line 104· PR #693 2026-05-22
9e00502 line 104 2026-05-22
1faca6c line 104 2026-05-21

Get this for your repo.

Pathfinder runs the same scan on your own repos free. Connect via GitHub in 30 seconds.

Get started View the open-source rules →