@alexey-kireev
Contributor

No description provided.

@alexey-kireev alexey-kireev requested a review from Copilot January 23, 2026 23:30

Copilot AI left a comment


Pull request overview

This PR implements security improvements to the Python setup script by replacing assertions with proper exception handling and adding validation for the assembler tool path to prevent potential security vulnerabilities.

Changes:

  • Replaced assert statements with explicit exception raising for better error handling
  • Added assembler tool path validation to prevent execution of untrusted tools
  • Converted list comprehension to explicit loop for assembler compilation with shell=False flag


if not os.path.exists(itt_dir):
raise FileNotFoundError('The specified directory with ITT API source code does not exist.')

if itt_dir == ITT_DEFAULT_DIR and not len(os.listdir(itt_dir)):
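Review bot: os.path.exists(itt_dir) in the first check is also true when itt_dir is a regular file, so for the default path the os.listdir(itt_dir) call on the last line would then raise NotADirectoryError instead of one of the explicit messages. Consider os.path.isdir(itt_dir) for the first check so that both conditions fail with a clear error.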

Copilot AI Jan 23, 2026


The not len(os.listdir(itt_dir)) pattern is unnecessarily verbose. Use the more idiomatic not os.listdir(itt_dir) which directly evaluates the truthiness of the list.

Suggested change
if itt_dir == ITT_DEFAULT_DIR and not len(os.listdir(itt_dir)):
if itt_dir == ITT_DEFAULT_DIR and not os.listdir(itt_dir):

[run([os.path.join(as_path, as_tool), '/Fo', obj_file, '/c', asm_file], check=True)
for obj_file, asm_file in obj_asm_pairs]
for obj_file, asm_file in obj_asm_pairs:
run([as_full_path, '/Fo', obj_file, '/c', asm_file], check=True, shell=False)
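Review bot: as_full_path in the new run() call is built and validated outside this hunk, so the loop is only as trustworthy as that earlier check; it would help to state next to the loop (or in the PR description) that the path is absolute and confirmed to be a regular file before the first iteration. shell=False is already the default for subprocess.run with a list argument, so it documents intent but does not by itself resolve the Bandit notice, and obj_file and asm_file are passed through unchanged, so a comment on where obj_asm_pairs comes from would complete the picture.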

Check notice

Code scanning / Bandit

subprocess call - check for execution of untrusted input.
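
One way to address the Bandit notice above is to resolve and validate the tool path before it reaches the subprocess call. The following is an added example, not code from this pull request or the project: `resolve_tool`, its parameters and the file name `example-as.exe` are hypothetical, and the allow-list is an assumption about how a build script might constrain the tool name.

```python
import os


def resolve_tool(tool_dir, tool_name, allowed_names):
    """Return the validated absolute path of tool_name inside tool_dir.

    Explicit exceptions are raised instead of using assert, because
    assert statements are removed when Python runs with -O.
    """
    # Allow-list on the bare file name (case-insensitive, as Windows
    # tool names are); this also rejects names containing separators.
    if tool_name.lower() not in {n.lower() for n in allowed_names}:
        raise ValueError(f'unexpected assembler tool name: {tool_name!r}')

    # Resolve symlinks and '..' so the containment check below compares
    # real locations rather than the strings the caller supplied.
    real_dir = os.path.realpath(tool_dir)
    full_path = os.path.realpath(os.path.join(real_dir, tool_name))

    # The resolved file must sit directly in the expected directory.
    if os.path.dirname(full_path) != real_dir:
        raise ValueError(f'{tool_name!r} resolves outside {real_dir!r}')

    # It must exist and be a regular file, not a directory.
    if not os.path.isfile(full_path):
        raise FileNotFoundError(f'assembler not found: {full_path}')

    return full_path
```

The returned path can then be passed as the first element of the argument list, with the list form of `subprocess.run` keeping the shell out of the call.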