Conversation

@mfranzke
Collaborator

Proposed changes

Replaced usage of exec with execFile to prevent shell injection risks when running pyftsubset. Arguments are now passed as arrays, and file paths are validated to avoid path traversal attacks. Improves security and reliability of font generation script.

Types of changes

  • Bugfix (non-breaking change that fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (improvements to existing components or architectural decisions)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)

Further comments

Replaced usage of exec with execFile to prevent shell injection risks when running pyftsubset.
@mfranzke mfranzke self-assigned this Jul 23, 2025
@mfranzke mfranzke added the 🍄🆙improvement New feature or request label Jul 23, 2025
@mfranzke mfranzke moved this to 👀 In review in UX Engineering Team Backlog Jul 23, 2025
@mfranzke mfranzke removed their assignment Jul 23, 2025
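
An added example, not code from this pull request or the core-web repository, of the pattern the description outlines: arguments passed to `execFile` as an array, with file names confined to one directory. The `assets/fonts` directory, the helper names and the sample file name are assumptions, and a child Node process stands in for pyftsubset so the block runs without fonttools installed.

```javascript
'use strict';
const { execFileSync } = require('node:child_process');
const path = require('node:path');

// Hypothetical font directory; the script's real paths are not shown in the PR text.
const FONT_DIR = path.resolve('assets', 'fonts');

// Before: one string for exec(). A shell parses ";" in the name as a command separator.
function legacyCommand(fontName) {
	return `pyftsubset ${fontName} --flavor=woff2`;
}

// Resolve a caller-supplied name and reject anything that lands outside baseDir.
function resolveInside(baseDir, candidate) {
	const base = path.resolve(baseDir);
	const full = path.resolve(base, candidate);
	const rel = path.relative(base, full);
	if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
		throw new Error(`path escapes ${base}: ${candidate}`);
	}
	return full;
}

// After: one array element per argument. Absolute paths cannot start with "-",
// so a file name can never be read as a pyftsubset option.
function buildSubsetArgs(fontName, outName, unicodes) {
	if (!/^[0-9A-Fa-fU+,-]+$/.test(unicodes)) {
		throw new Error(`unexpected unicode range: ${unicodes}`);
	}
	return [
		resolveInside(FONT_DIR, fontName),
		`--output-file=${resolveInside(FONT_DIR, outName)}`,
		`--unicodes=${unicodes}`,
		'--flavor=woff2'
	];
}

// Stand-in for pyftsubset so the example runs without fonttools:
// a child Node process, started without a shell, that prints the argv it received.
function runEcho(args) {
	const script = 'console.log(JSON.stringify(process.argv.slice(1)))';
	const out = execFileSync(process.execPath, ['-e', script, '--', ...args], { encoding: 'utf8' });
	return JSON.parse(out);
}

// Constructed sample input: a file name containing shell metacharacters.
const hostileName = 'Sans Regular; echo injected.ttf';
console.log(legacyCommand(hostileName)); // string form: a shell would split this at ";"
console.log(runEcho(buildSubsetArgs(hostileName, 'sans-subset.woff2', 'U+0020-007E'))[0]);
```
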
@github-actions
Contributor

🔭🐙🐈 Test this branch here: https://db-ux-design-system.github.io/core-web/review/alert-fix-8

@mfranzke mfranzke added 🍒 cherryPick Code that we should adapt from one repository to another. and removed 🍒 cherryPick Code that we should adapt from one repository to another. labels Jul 23, 2025
@mfranzke mfranzke marked this pull request as ready for review July 23, 2025 21:07
@mfranzke mfranzke requested a review from nmerget as a code owner July 23, 2025 21:07
@mfranzke mfranzke enabled auto-merge (squash) July 23, 2025 21:08
@mfranzke mfranzke merged commit bf5d116 into main Jul 24, 2025
70 checks passed
@mfranzke mfranzke deleted the alert-fix-8 branch July 24, 2025 08:20
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in UX Engineering Team Backlog Jul 24, 2025

Labels

🍄🆙improvement New feature or request

Projects

Status: ✅ Done

3 participants