bitovi · pixeebot · Jul 9, 2024 · pixeebot · Jul 9, 2024
diff --git a/...les/bitops+terraform+ansible+stackstorm-blog/_scripts/ansible/wait-for-inventory-hosts.py b/...les/bitops+terraform+ansible+stackstorm-blog/_scripts/ansible/wait-for-inventory-hosts.py
@@ -1,6 +1,7 @@
 import yaml
 import subprocess
 import os
+from security import safe_command
 
 port = "22"
 timeout = "60"
@@ -21,8 +22,8 @@
                 bitops_hosts = bitops_hosts[0]
                 print("Waiting for host:", bitops_hosts)      
             wait_for_command = "{}/_scripts/ansible/wait-for-it.sh -h {} -p {} -t {}".format(TEMPDIR,bitops_hosts,port,timeout)
-            result = subprocess.call(wait_for_command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            result = safe_command.run(subprocess.call, wait_for_command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
         except yaml.YAMLError as exception:
             print(exception)
 except IOError:
-    print("Terraform inventory file not found. Skipping wait for hosts.")
+    print("Terraform inventory file not found. Skipping wait for hosts.")
diff --git a/requirements.txt b/requirements.txt
@@ -5,3 +5,4 @@ munch
 GitPython
 pyfiglet
 boto3
+security==1.3.0
diff --git a/scripts/plugins/utilities.py b/scripts/plugins/utilities.py
@@ -1,4 +1,4 @@
 import os
 import sys
 import subprocess
 from typing import Union
@@ -6,6 +6,7 @@
 
 from .settings import BITOPS_FAST_FAIL_MODE
 from .logging import logger, mask_message
+from security import safe_command
 
 
 def add_value_to_env(export_env, value):
@@ -60,8 +61,7 @@
 
 def run_cmd(command: Union[list, str]) -> subprocess.Popen:
     """Run a linux command and return Popen instance as a result"""
-    with subprocess.Popen(
-        command,
+    with safe_command.run(subprocess.Popen, command,
         stdout=subprocess.PIPE,
         stderr=subprocess.STDOUT,
         universal_newlines=True,