From c39f0867254674c53ae68b9db9a6a9c78240da16 Mon Sep 17 00:00:00 2001
From: Maryam Abkar <42349380+naidneelttil@users.noreply.github.com>
Date: Thu, 21 Mar 2024 16:32:36 -0400
Subject: [PATCH] packaging: Use subprocess instead of os.popen for change log creation (#3469)

This addresses a warning from Bandit about an injection attack risk by using subprocess.Popen instead of os.popen.

---------

Co-authored-by: kpolchow
---
 utils/gitlog2changelog.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/utils/gitlog2changelog.py b/utils/gitlog2changelog.py
index 8c8ba02812f..6e2bb99fd0f 100755
--- a/utils/gitlog2changelog.py
+++ b/utils/gitlog2changelog.py
@@ -4,18 +4,32 @@
 # Distributed under the terms of the GNU General Public License v2 or later
 import re
-import os
 from textwrap import TextWrapper
 import sys
+import subprocess
 rev_range = ""
+
+# Define the git command and its arguments as a list
+git_command = [ "git", "log", "--summary", "--stat", "--no-merges", "--date=short",
+]
+
 if len(sys.argv) > 1:
 base = sys.argv[1]
 rev_range = "%s..HEAD" % base
+ git_command.append(rev_range)
 # Execute git log with the desired command line options.
-fin = os.popen("git log --summary --stat --no-merges --date=short %s" % rev_range, "r")
+process = subprocess.Popen(git_command, stdout=subprocess.PIPE, encoding="utf8")
+fin = process.stdout
+
 # Create a ChangeLog file in the current directory.
 fout = open("ChangeLog", "w")
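Review bot: The git child started by `process = subprocess.Popen(git_command, stdout=subprocess.PIPE, encoding="utf8")` is never waited on and its exit status is never checked, so a failing `git log` (not a repository, unknown revision) silently produces an empty or truncated ChangeLog where `os.popen` at least surfaced an error on stderr; after the read loop, which lies outside this hunk, add `if process.wait() != 0: sys.exit("git log failed")`. Switching to a list argv removes the shell, but `base = sys.argv[1]` is still appended unvalidated as `"%s..HEAD" % base`; a value beginning with `-` may be parsed by git as an option rather than a revision, so a cheap guard such as `if base.startswith("-"): sys.exit("invalid revision: %s" % base)` before `git_command.append(rev_range)` keeps the argument a revision. The `encoding="utf8"` line-wise read is fine for streaming large histories, but consider closing `process.stdout` explicitly (or wrapping the read in `with process:`) so the pipe is released on every exit path.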