From 32fe9c46c62458e5dcf959c5c9a73f6e3ab263e0 Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Wed, 27 Aug 2025 14:24:26 +0800
Subject: [PATCH] fix: Ensure command arguments are safely quoted in safe_run_cmd
---
 apps/audits/tasks.py | 5 ++---
 apps/common/utils/safe.py | 7 +++----
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/apps/audits/tasks.py b/apps/audits/tasks.py
index e61404372..ce6ca21a4 100644
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@@ -2,15 +2,14 @@
 #
 import datetime
 import os
-import subprocess
 from celery import shared_task
 from django.conf import settings
 from django.core.files.storage import default_storage
 from django.db import transaction
 from django.utils import timezone
-from django.utils.translation import gettext_lazy as _
 from django.utils._os import safe_join
+from django.utils.translation import gettext_lazy as _
 from common.const.crontab import CRONTAB_AT_AM_TWO
 from common.storage.ftp_file import FTPFileStorageHandler
@@ -79,7 +78,7 @@ def clean_celery_tasks_period():
 command = "find %s -mtime +%s -name '*.log' -type f -exec rm -f {} \\;"
 safe_run_cmd(command, (settings.CELERY_LOG_DIR, expire_days))
 celery_log_path = safe_join(settings.LOG_DIR, 'celery.log')
-command = "echo > {}".format(celery_log_path)
+command = "echo > %s"
 safe_run_cmd(command, (celery_log_path,))
diff --git a/apps/common/utils/safe.py b/apps/common/utils/safe.py
index 26ae79e9b..58fd584cb 100644
--- a/apps/common/utils/safe.py
+++ b/apps/common/utils/safe.py
@@ -1,9 +1,8 @@
-import re
-import subprocess
 import shlex
+import subprocess
 def safe_run_cmd(cmd_str, cmd_args=(), shell=True):
-cmd_args = [shlex.quote(arg) for arg in cmd_args]
+cmd_args = [shlex.quote(str(arg)) for arg in cmd_args]
 cmd = cmd_str % tuple(cmd_args)
-return subprocess.run(cmd, shell=shell)
\ No newline at end of file
+return subprocess.run(cmd, shell=shell)
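Review bot: Truncating `celery.log` at the end of this hunk still goes through a shell (`echo > %s`) although no shell is needed; opening the path for writing from Python, e.g. `with open(celery_log_path, 'w'): pass`, would remove the last interpolated argument from a shell command line here. Note that `echo >` leaves a single newline in the file while `open(..., 'w')` leaves it empty, so confirm nothing depends on that byte. The `find ... -exec rm` line above it could likewise become a Python walk over `settings.CELERY_LOG_DIR`, though that is a larger change. `clean_celery_tasks_period` begins above the hunk, so how `expire_days` is derived is not visible here.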
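Review bot: The `shell` parameter of `safe_run_cmd` is not honoured safely: with `shell=False` the formatted string is handed to `subprocess.run` as a single program name on POSIX, so the call fails instead of running the command. Either drop the parameter or split the quoted string first, `return subprocess.run(cmd if shell else shlex.split(cmd), shell=shell)`. The function also has no docstring; I would add one stating that `cmd_str` must be a trusted constant template, that every `%s` must sit outside any quotes in the template because `shlex.quote` supplies its own, and that a literal percent sign has to be written `%%`. The return code is not checked (`check=True` is not passed), so callers that ignore the returned `CompletedProcess`, as the call sites in `apps/audits/tasks.py` appear to, will not notice a failed command.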