From ca2c254f13dac9be01f98b482b98e1b2237c1462 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Sat, 9 Aug 2025 03:06:20 +0000
Subject: [PATCH] Sandbox Process Creation

---
 docker/transport/sshconn.py | 4 ++--
 pyproject.toml              | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/docker/transport/sshconn.py b/docker/transport/sshconn.py
index 1870668010..270c7dbfd9 100644
--- a/docker/transport/sshconn.py
+++ b/docker/transport/sshconn.py
@@ -13,6 +13,7 @@
 
 from .. import constants
 from .basehttpadapter import BaseHTTPAdapter
+from security import safe_command
 
 RecentlyUsedContainer = urllib3._collections.RecentlyUsedContainer
 
@@ -53,8 +54,7 @@ def f():
         env.pop('LD_LIBRARY_PATH', None)
         env.pop('SSL_CERT_FILE', None)
 
-        self.proc = subprocess.Popen(
-            args,
+        self.proc = safe_command.run(subprocess.Popen, args,
             env=env,
             stdout=subprocess.PIPE,
             stdin=subprocess.PIPE,
diff --git a/pyproject.toml b/pyproject.toml
index 525a9b81a8..a3a4bcd7f8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,6 +33,7 @@ dependencies = [
     "requests >= 2.26.0",
     "urllib3 >= 1.26.0",
     "pywin32>=304; sys_platform == \"win32\"",
+    "security==1.3.1",
 ]
 
 [project.optional-dependencies]