injection fix using shell=false (#45740)

ayushhgarg-work · ayushhgarg03 · web-flow · commit 347b00ea7089 · 2026-06-17T11:09:28.000Z
* injection fix using shell=false

* original change

* ubuntu pipeline fix

* cosmetic change

* tox formatting

---------

Co-authored-by: Ayushh Garg &lt;ayushhgarg@microsoft.com&gt;
diff --git a/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py b/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
@@ -7,7 +7,7 @@
 import subprocess
 import sys
 import time
-
+import shlex
 from azure.ai.ml.exceptions import ErrorCategory, ErrorTarget, MlException
 
 
@@ -24,39 +24,40 @@ def run_cli_command(
     do_not_print=True,
     stderr_to_stdout=True,
 ):
+    # Ensure cmd_arguments is always a list for shell=False safety.
+    # Some callers may pass a pre-joined string; split it to maintain
+    # compatibility while keeping shell=False.
+    if isinstance(cmd_arguments, str):
+        cmd_arguments = shlex.split(cmd_arguments)
+
     if not custom_environment:
         custom_environment = os.environ
 
-    # We do this join to construct a command because "shell=True" flag, used below, doesn't work with the vector
-    # argv form on a mac OS.
-    command_to_execute = " ".join(cmd_arguments)
-
     if not do_not_print:  # Avoid printing the az login service principal password, for example
-        print("Preparing to run CLI command: \n{}\n".format(command_to_execute))
+        print("Preparing to run CLI command: \n{}\n".format(" ".join(cmd_arguments)))
         print("Current directory: {}".format(os.getcwd()))
 
     start_time = time.time()
     try:
         # We redirect stderr to stdout, so that in the case of an error, especially in negative tests,
         # we get the error reply back to check if the error is expected or not.
-        # We need "shell=True" flag so that the "az" wrapper works.
 
         # We also pass the environment variables, because for some tests we modify
         # the environment variables.
 
         subprocess_args = {
-            "shell": True,
+            "shell": False,
             "stderr": subprocess.STDOUT,
             "env": custom_environment,
         }
 
         if not stderr_to_stdout:
-            subprocess_args = {"shell": True, "env": custom_environment}
+            subprocess_args = {"shell": False, "env": custom_environment}
 
         if sys.version_info[0] != 2:
             subprocess_args["timeout"] = timeout
 
-        output = subprocess.check_output(command_to_execute, **subprocess_args).decode(encoding="UTF-8")
+        output = subprocess.check_output(cmd_arguments, **subprocess_args).decode(encoding="UTF-8")
 
         time_taken = time.time() - start_time
         if not do_not_print:
diff --git a/sdk/ml/azure-ai-ml/azure/ai/ml/operations/_local_endpoint_helper.py b/sdk/ml/azure-ai-ml/azure/ai/ml/operations/_local_endpoint_helper.py
@@ -121,7 +121,14 @@ def list(self) -> Iterable[OnlineEndpoint]:
         endpoint_stubs = self._endpoint_stub.list()
         # Iterate through all cached endpoint files
         for endpoint_file in endpoint_stubs:
-            endpoint_json = json.loads(endpoint_file.read_text())
+            try:
+                contents = endpoint_file.read_text()
+                if not contents.strip():
+                    continue
+                endpoint_json = json.loads(contents)
+            except (json.JSONDecodeError, OSError):
+                # Skip files being written concurrently or otherwise unreadable
+                continue
             container = self._docker_client.get_endpoint_container(
                 endpoint_name=endpoint_json.get("name"), include_stopped=True
             )
