diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 2ba648dad..71f5c47d8 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -291,8 +291,8 @@ export async function start_sandbox(
 sandboxEnv['NO_PROXY'] = noProxy;
 sandboxEnv['no_proxy'] = noProxy;
 }
- // CLI tool intentionally executes user-provided proxy commands
- // codeql-disable-next-line js/shell-command-injection-from-environment
+ // Note: CodeQL flags this as js/shell-command-injection-from-environment.
+ // This is intentional - CLI tool executes user-provided proxy commands.
 proxyProcess = spawn('bash', ['-c', proxyCommand], {
 stdio: ['ignore', 'pipe', 'pipe'],
 detached: true,
@@ -787,8 +787,8 @@ export async function start_sandbox(
 const proxyShellArgs = isWindows
 ? ['/c', proxyContainerCommand]
 : ['-c', proxyContainerCommand];
- // CLI tool intentionally executes user-provided proxy commands in container
- // codeql-disable-next-line js/shell-command-injection-from-environment
+ // Note: CodeQL flags this as js/shell-command-injection-from-environment.
+ // This is intentional - CLI tool executes user-provided proxy commands in container.
 proxyProcess = spawn(proxyShell, proxyShellArgs, {
 stdio: ['ignore', 'pipe', 'pipe'],
 detached: true,
diff --git a/packages/core/src/services/shellExecutionService.ts b/packages/core/src/services/shellExecutionService.ts
index 603216a76..3d812d899 100644
--- a/packages/core/src/services/shellExecutionService.ts
+++ b/packages/core/src/services/shellExecutionService.ts
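Review bot: The replacement comment above `spawn('bash', ['-c', proxyCommand], …)` in the first hunk asserts the command is "user-provided" but does not say where `proxyCommand` is read from, which is the one fact a reviewer needs to accept dismissing a shell-injection finding; the rule name itself (`…-from-environment`) says the taint source is process environment, so the comment should name that variable and the trust assumption that whoever controls this process's environment already has the invoking user's privileges. I would write it as `// proxyCommand is taken verbatim from the operator's own environment/config (see where it is resolved above); anyone able to set it can already run code as this user, so passing it to a shell adds no new capability. CodeQL still reports js/shell-command-injection-from-environment here; that is expected.` Separately, this path hardcodes `bash` while the hunk at 787 in the same function chooses the shell via `isWindows`/`proxyShell`; if this branch can run on Windows that is worth a line in the comment or the same shell selection, but I cannot tell from the hunk. `start_sandbox` begins before this hunk and continues after it.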
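Review bot: Neither the new prose comment in the second hunk nor the removed `codeql-disable-next-line` marker is, as far as I know, a syntax CodeQL honours for inline suppression (that is `// codeql[js/shell-command-injection-from-environment]` on the flagged line, or a dismissal recorded in the alert UI), so with this change the alert will keep appearing on every scan with nothing recording that it was triaged. If the intent is to leave it visible and dismiss it once in the scanner, the comment should say so, e.g. `// Deliberately not suppressed inline; this alert is triaged as won't-fix in code scanning.`, otherwise the next maintainer will re-add a no-op marker. The wording "executes user-provided proxy commands in container" also reads oddly next to `spawn(proxyShell, proxyShellArgs, …)`, which spawns on the host; if `proxyContainerCommand` is a wrapper that execs inside the sandbox, say `host-side wrapper that runs the proxy inside the container`, since the hunk does not show how it is built. `start_sandbox` begins before this hunk and continues after it.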
@@ -228,8 +228,8 @@ export class ShellExecutionService { ? ['/c', commandToExecute] : ['-c', commandToExecute]; - // CLI tool intentionally executes user-provided shell commands - // codeql-disable-next-line js/shell-command-injection-from-environment + // Note: CodeQL flags this as js/shell-command-injection-from-environment. + // This is intentional - CLI tool executes user-provided shell commands. const child = cpSpawn(shell, shellArgs, { cwd, stdio: ['ignore', 'pipe', 'pipe'],
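Review bot: The justification "CLI tool executes user-provided shell commands" above `cpSpawn(shell, shellArgs, …)` is the whole security argument for this sink, and in a service named `ShellExecutionService` inside the core package it is not obvious from the hunk that `commandToExecute` only ever comes from the interactive user rather than from a model tool call or a config file; if any of those can reach this method, the real mitigation is whatever confirmation, allow-list or sandbox check runs upstream, and the comment should point at it rather than at the user. I would phrase it as `// commandToExecute is intentionally run through a shell; callers are responsible for user confirmation / policy checks before reaching this point (see <upstream check>). CodeQL reports js/shell-command-injection-from-environment here by design.` Passing the command as a `-c`/`/c` argument rather than `shell: true` is the right shape and needs no change. The enclosing method starts before this hunk and its body continues past the `stdio` line.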