project: launch subprocesses without shell

In the Project method set_new_manifest_rev, the _update_manifest_rev helper function tries to run the following git command: git update-ref -m .. refs/heads/ref <commit-id>^{commit} However, on Msys2's MinGW build of python handles the escaping of "...^{commit}" incorrectly, converting it into "...commit". This issue highlights the pitfalls of using the Python subprocess module's shell=True option, which can apply string conversions to commands that are unexpected by the calling code. Signed-off-by: Joel Holdsworth <jholdsworth@nvidia.com>
zephyrproject-rtos · Feb 26, 2025 · 4d5387e · 4d5387e
1 parent b75b86b
commit 4d5387e
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/west/app/project.py b/src/west/app/project.py
@@ -1731,8 +1731,7 @@ def do_run(self, args, user_args):
 
             self.banner(
                 f'running "{args.subcommand}" in {project.name_and_path}:')
-            rc = subprocess.Popen(args.subcommand, shell=True, env=env,
-                                  cwd=cwd).wait()
+            rc = subprocess.Popen(args.subcommand, env=env, cwd=cwd).wait()
             if rc:
                 failed.append(project)
         self._handle_failed(args, failed)