feat: add palette config types for plugin color selection#4650
Open
bylkuse wants to merge 20 commits into
Open
feat: add palette config types for plugin color selection#4650bylkuse wants to merge 20 commits into
bylkuse wants to merge 20 commits into
Sourcery AI / Sourcery review
failed
Feb 23, 2026 in 43s
❌ Found 4 blocking security issues
Sourcery found 4 blocking security issues:
astrbot/core/computer/booters/local.py:75-83- Detected subprocess function 'Popen' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.astrbot/core/computer/booters/local.py:85-93- Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.astrbot/core/computer/booters/local.py:114-119- Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.astrbot/core/computer/booters/local.py:115- Detected subprocess function 'run' with user controlled data. A malicious actor could leverage this to perform command injection. You may consider using 'shlex.quote()'.
Loading