@@ -224,15 +224,21 @@ def resolved_command(command: str) -> str:
224224
225225def open_file (filepath : str , * , prefer_vscode : bool = False ) -> None :
226226 """Open a file with the platform default opener or VS Code."""
227+ checked_filepath = Path (filepath ).expanduser ().resolve (strict = True )
228+
227229 if prefer_vscode :
228230
229231 # Reviewed: command is resolved from PATH and shell=False is used.
230232 # The filepath is passed as a single argument to the editor.
231- subprocess .run ([resolved_command ("code" ), filepath ], check = True ) # nosec B603
233+ subprocess .run ( # nosec B603
234+ [resolved_command ("code" ), str (checked_filepath )],
235+ check = True ,
236+ )
232237 return
233238
234239 if sys .platform .startswith ("win" ):
235- os .startfile (filepath ) # type: ignore[attr-defined]
240+ # Reviewed: opens an existing local path with the Windows file association.
241+ os .startfile (str (checked_filepath )) # type: ignore[attr-defined] # nosec B606
236242 return
237243
238244 if sys .platform == "darwin" :
@@ -242,9 +248,12 @@ def open_file(filepath: str, *, prefer_vscode: bool = False) -> None:
242248
243249 # Reviewed: macOS opener is fixed/resolved and shell=False is used.
244250 # The filepath is passed as a single argument.
245- subprocess .run ([mac_open , filepath ], check = True ) # nosec B603
251+ subprocess .run ([mac_open , str ( checked_filepath ) ], check = True ) # nosec B603
246252 return
247253
248254 # Reviewed: opener command is resolved from PATH and shell=False is used.
249255 # The filepath is passed as a single argument.
250- subprocess .run ([resolved_command ("xdg-open" ), filepath ], check = True ) # nosec B603
256+ subprocess .run ( # nosec B603
257+ [resolved_command ("xdg-open" ), str (checked_filepath )],
258+ check = True ,
259+ )
0 commit comments