refactor: drop over-engineered security modules; keep minimal safe quoting

Category: tech-debt
Priority: P2

PROBLEM
- Security modules and wrappers massively increase surface area without clear threat model; many tests are synthetic and don't reflect actual risk for CI coverage reporting.

EVIDENCE
- Files: src/security/**, utils/command/** (secure wrappers), pervasive "SECURITY FIX" comments.
- gcov execution already runs via a simple command; extra layers add noise and maintenance.

SOLUTION
- Remove dedicated security modules; keep minimal validation/escaping where needed (e.g., quoting paths passed to `gcov`).
- Simplify `gcov_executor` to avoid bespoke secure wrappers; rely on careful argument quoting.

VERIFICATION
- Build succeeds; `gcov` execution works on typical projects.
- Keep one test verifying that filenames with spaces/pipes are handled safely.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

refactor: drop over-engineered security modules; keep minimal safe quoting #1167

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

refactor: drop over-engineered security modules; keep minimal safe quoting #1167

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions