Commit

Refactor the CLI dynamic command resolution (#362)
* Replaced eval with importlib for secure dynamic command module loading, better mitigating arbitrary code execution risks.

* Defined a plugin folder and a specified list of known modules for tighter execution control, enhancing CLI security.
* Enhanced error handling for clearer feedback on command module loading issues.
* Shifted to pathlib for more robust path handling, replacing os.path and string manipulations.
* Adopted importlib.metadata for fetching package versions, offering a fallback for unavailable versions.
tasansal authored Mar 6, 2024
1 parent 8814863 commit c3ba558
Showing 4 changed files with 774 additions and 831 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/constraints-poetry.txt
@@ -1 +1 @@
poetry==1.7.1
poetry==1.8.2
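Review bot: the Poetry pin in `.github/workflows/constraints-poetry.txt` moves from 1.7.1 to 1.8.2, but the commit message lists only the CLI loading changes and says nothing about CI tooling. Mention the constraint bumps in the message, or split them into their own commit, so a workflow regression can be bisected separately from the command-resolution refactor.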
6 changes: 3 additions & 3 deletions .github/workflows/constraints.txt
@@ -1,4 +1,4 @@
pip==23.3.2
nox==2023.4.22
pip==24.0
nox==2024.3.2
nox-poetry==1.0.3
virtualenv==20.25.0
virtualenv==20.25.1
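Review bot: `nox` jumps from 2023.4.22 to 2024.3.2 here while `nox-poetry==1.0.3` is left unchanged, so it is worth confirming in the PR that the existing sessions still run with that pairing. The entries are also pinned by version only; if the CI threat model includes a tampered index or mirror, hash-pinned requirements installed with pip's `--require-hashes` would verify the downloaded artifacts as well as the version numbers.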