checkkconfigsymbols.py - Shell Injection

[TheRegRunner]

Shell code in %s may be injected in the execute function because shell is set to True.

Please set shell to "False" and make cmd a LIST to use with subprocess.

Hey,

That is something that should be fixed upstream. I'd recommend reporting the bug in one of the linux kernel mailing lists.

I briefly checked Linus' tree but I didn't find any fixes pertaining to this issue:
https://github.com/torvalds/linux/commits/master/scripts/checkkconfigsymbols.py

If you are aware of an upstream patch to address this, we would be happy to cherry-pick it in.