Skip to content

quote arguments in run_cli_command before shell execution#47425

Open
alhudz wants to merge 1 commit into
Azure:mainfrom
alhudz:run-cli-command-quote-args
Open

quote arguments in run_cli_command before shell execution#47425
alhudz wants to merge 1 commit into
Azure:mainfrom
alhudz:run-cli-command-quote-args

Conversation

@alhudz

@alhudz alhudz commented Jun 10, 2026

Copy link
Copy Markdown

Description

run_cli_command joins its argument vector with spaces and runs the result under subprocess with shell=True, so any argument carrying spaces or shell metacharacters is re-interpreted by the shell rather than passed through literally. Callers already hand it a proper argv list; the unsafe collapse happens inside the helper.

Repro: run_cli_command(["echo", "x$(touch pwned)"]) runs the $(...) substitution. The VS Code debug path reaches this with AML_APP_ROOT (derived from a deployment scoring_script/code path) embedded in the --folder-uri argument, and ordinary paths containing a space break the same way.
Cause: " ".join(cmd_arguments) turns the argv list into a shell string with no quoting.
Fix: quote each argument while joining inside the helper, shlex.join on POSIX and subprocess.list2cmdline on Windows. A plain vscode-remote:// URI argument is left unchanged.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

Copilot AI review requested due to automatic review settings June 10, 2026 05:29
Copilot AI reviewed Jun 10, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR hardens local-endpoint CLI execution by correctly quoting command arguments before running them via shell=True, preventing shell interpretation of metacharacters/spaces.

Changes:

  • Update run_cli_command to build a safely-quoted command string using shlex.join (POSIX) / subprocess.list2cmdline (Windows).
  • Add unit tests validating quoting behavior and ensuring a plain URI remains unchanged.
  • Document the fix in the package changelog.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py Quote args when collapsing to a single shell command string.
sdk/ml/azure-ai-ml/tests/local_endpoint/unittests/test_commandline_utility.py New unit tests asserting safe quoting and expected command string formatting.
sdk/ml/azure-ai-ml/CHANGELOG.md Changelog entry describing the quoting/security fix.

Comment thread sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
Comment on lines +31 to +38
# "shell=True" (used below) is needed so the platform "az"/"code" wrappers resolve, and it doesn't work with
# the vector argv form on macOS, so the arguments are collapsed into a single command string. Quote each
# argument while joining so a value containing spaces or shell metacharacters is passed through literally
# instead of being re-interpreted by the shell.
if os.name == "nt":
command_to_execute = subprocess.list2cmdline(cmd_arguments)
else:
command_to_execute = shlex.join(cmd_arguments)
Comment thread sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py

import json
import os
import shlex
@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Thank you for your contribution @alhudz! We will review the pull request and get back to you soon.

@github-actions github-actions Bot added Community Contribution Community members are working on the issue customer-reported Issues that are reported by GitHub users external to the Azure organization. Machine Learning labels Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@achauhan-scc achauhan-scc Awaiting requested review from achauhan-scc achauhan-scc is a code owner

@arunsu arunsu Awaiting requested review from arunsu arunsu is a code owner

@jayesh-tanna jayesh-tanna Awaiting requested review from jayesh-tanna jayesh-tanna is a code owner

@JustinFirsching JustinFirsching Awaiting requested review from JustinFirsching JustinFirsching is a code owner

@kingernupur kingernupur Awaiting requested review from kingernupur kingernupur is a code owner

@nick863 nick863 Awaiting requested review from nick863 nick863 is a code owner

@NonStatic2014 NonStatic2014 Awaiting requested review from NonStatic2014 NonStatic2014 is a code owner

@novaturient95 novaturient95 Awaiting requested review from novaturient95 novaturient95 is a code owner

@raduk raduk Awaiting requested review from raduk raduk is a code owner

@rtanase rtanase Awaiting requested review from rtanase rtanase is a code owner

@sharma-riti sharma-riti Awaiting requested review from sharma-riti sharma-riti is a code owner

@vivram vivram Awaiting requested review from vivram vivram is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Community Contribution Community members are working on the issue customer-reported Issues that are reported by GitHub users external to the Azure organization. Machine Learning

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alhudz