SG-41529 prevent config autoupdate #1076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

eduardoChaucaGallegos wants to merge 14 commits into master from ticket/SG-40996-prevent-config-autoupdate

Open

SG-41529 prevent config autoupdate #1076

logs with f strings

ShotGrid Chorus / security/bandit completed Dec 16, 2025 in 2s

3 issue(s) found

Summary of Issues

Type	Count	Severity	Secure Coding Guidelines
B404: blacklist	1	LOW	PYTH-INJC-30
B607: start_process_with_partial_path	1	LOW	PYTH-INJC-30
B603: subprocess_without_shell_equals_true	1	LOW	PYTH-INJC-30

How do I clear all these issues?

If you suspect these issues are not actual issues, click “Clear All Issues” above. Click here for more details.

Details and Annotations

Details

bandit version 1.7.9

Annotations

Check notice on line 13 in python/tank/descriptor/io_descriptor/git_tag.py

shotgrid-chorus / security/bandit

B404: blacklist

Consider possible security implications associated with the subprocess module.
secure coding id: PYTH-INJC-30.

Check notice on line 257 in python/tank/descriptor/io_descriptor/git_tag.py

shotgrid-chorus / security/bandit

B607: start_process_with_partial_path

Starting a process with a partial executable path
secure coding id: PYTH-INJC-30.

Check notice on line 257 in python/tank/descriptor/io_descriptor/git_tag.py

shotgrid-chorus / security/bandit

B603: subprocess_without_shell_equals_true

subprocess call - check for execution of untrusted input.
secure coding id: PYTH-INJC-30.

View more details on ShotGrid Chorus