shivasurya/code-pathfinder
Severity: high. subprocess with shell=True
scripts/gen_go_modules.py:104
subprocess called with shell=True. This is vulnerable to shell injection. Note that the call captured at the sink below passes an argument list and does not set shell=True, so the shell=True claim should be checked against the source before triage.
CWE-78, status: open
Code
scripts/gen_go_modules.py:101
101
102 def run_go_mod_tidy(directory: Path) -> bool:
103     """Run 'go mod tidy' and return True on success."""
104     result = subprocess.run(
105         ["go", "mod", "tidy"],
106         cwd=directory,
107         capture_output=True,
Dataflow
- Source
- scripts/gen_go_modules.py:104
- Sink
- scripts/gen_go_modules.py:104 subprocess.run( ["go", "mod", "tidy"], cwd=directory, capture_output=True, text=True, timeout=120, )
Seen on 11 scans
- 460d0d3 line 104 2026-05-23
- 7a21c89 line 104 2026-05-23
- 7a21c89 line 104 2026-05-23
- a7e137f line 104 2026-05-22
- 8a39ca7 line 104 2026-05-22
- 181f52c line 104 2026-05-22
- 91c7b3d line 104, PR #693 2026-05-22
- 00a5753 line 104 2026-05-22
- 490d33f line 104, PR #693 2026-05-22
- 9e00502 line 104 2026-05-22
- 1faca6c line 104 2026-05-21