A
92/100
First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 1
Score: 92/100
MEDIUM: 1
Findings (1)
MEDIUM: Shell subprocess with shell=True
L161: Detects subprocess calls with shell=True which enables shell injection
shell=True
FIX: Replace shell=True with shell=False and pass command arguments as a list. Validate and sanitize all inputs before passing to the shell.
FP? Likely FP if the match is in documentation describing how subprocess works, or in a comment explaining shell risks rather than actual code.