...
- Use exact control over the PATH used to find your program, or prepend known locations to the beginning of the PATH. For example, you can add a line to the beginning of your program such as:
  - shell: export PATH=/bin:/usr/bin
  - or: export PATH="/bin:/usr/bin:$PATH"
  - python: os.environ['PATH'] = '/bin:/usr/bin'
  - or: os.environ['PATH'] = f"/bin:/usr/bin:{os.environ['PATH']}"
- Use exact control over the command line arguments. For example, in Python avoid using "shell=True" with the subprocess module's methods, which can allow unexpected parsing or expansion of the values being passed.
- Use exact control over the current directory before invoking a program using a relative path. For example, invoking "../somewhere/something" will act differently depending on where it is invoked.
- Use a "lint" finding program (more TBA). For example:
  - shell: use "shellcheck", which can be installed using "apt install -y shellcheck"
  - python: there are a number of lint-finding programs, such as "pylint" and "flake8".
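
The PATH, command-line argument and current-directory items above, combined in one Python helper. This is an added example, not code from the original page: `run_tool`, `demo` and `SAFE_PATH` are hypothetical names, the planted `ls` file and the odd file name are constructed sample data, and it assumes a Unix-like system with `ls` in /bin or /usr/bin.

```python
import os
import shutil
import subprocess
import tempfile

SAFE_PATH = "/bin:/usr/bin"  # known locations only (value taken from the list above)


def run_tool(name, args, workdir):
    """Run `name` with a pinned PATH, a literal argv and an explicit directory."""
    # Resolve the program against SAFE_PATH only, ignoring the caller's PATH.
    exe = shutil.which(name, path=SAFE_PATH)
    if exe is None:
        raise FileNotFoundError(f"{name} not found in {SAFE_PATH}")
    # Refuse a relative or missing working directory instead of inheriting one.
    if not os.path.isabs(workdir) or not os.path.isdir(workdir):
        raise ValueError(f"workdir must be an existing absolute path: {workdir!r}")
    result = subprocess.run(
        [exe, *args],              # list form: no shell parses the arguments
        shell=False,
        cwd=workdir,               # relative arguments resolve here, nowhere else
        env={"PATH": SAFE_PATH},   # the child sees the pinned PATH as well
        capture_output=True,
        text=True,
        check=True,
    )
    return exe, result.stdout


def demo():
    """Constructed scenario: a look-alike `ls` sits first in the caller's PATH."""
    with tempfile.TemporaryDirectory() as planted, tempfile.TemporaryDirectory() as work:
        fake = os.path.join(planted, "ls")
        with open(fake, "w") as fh:
            fh.write("#!/bin/sh\necho PLANTED\n")
        os.chmod(fake, 0o755)
        # What a lookup through an uncontrolled PATH would pick up.
        caller_path = planted + os.pathsep + SAFE_PATH
        naive = shutil.which("ls", path=caller_path)
        # A file name full of shell metacharacters; it must stay one argument.
        odd = "a; echo INJECTED"
        open(os.path.join(work, odd), "w").close()
        exe, out = run_tool("ls", ["--", odd], work)
    return naive, exe, out


if __name__ == "__main__":
    print(demo())
```

The uncontrolled lookup returns the planted file, while `run_tool` resolves the system `ls` and lists the odd file name as a single literal argument.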