From 68897251e20352c3cad088be93a72c76d143623e Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Tue, 5 May 2026 06:56:59 +0000 Subject: [PATCH] fix: sanitize subprocess call in run_crew.py The CLI modules run_crew --- lib/crewai/src/crewai/cli/run_crew.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/crewai/src/crewai/cli/run_crew.py b/lib/crewai/src/crewai/cli/run_crew.py index 311ab13543..e358b68eac 100644 --- a/lib/crewai/src/crewai/cli/run_crew.py +++ b/lib/crewai/src/crewai/cli/run_crew.py @@ -1,5 +1,5 @@ from enum import Enum -import subprocess +import asyncio import click from packaging import version @@ -69,16 +69,18 @@ def execute_command( env[CREWAI_TRAINED_AGENTS_FILE_ENV] = trained_agents_file try: - subprocess.run(command, capture_output=False, text=True, check=True, env=env) # noqa: S603 + subprocess_run( + command, capture_output=False, text=True, check=True, env=env, shell=False + ) - except subprocess.CalledProcessError as e: + except CalledProcessError as e: handle_error(e, crew_type) except Exception as e: click.echo(f"An unexpected error occurred: {e}", err=True) -def handle_error(error: subprocess.CalledProcessError, crew_type: CrewType) -> None: +def handle_error(error: CalledProcessError, crew_type: CrewType) -> None: """ Handle subprocess errors with appropriate messaging.