From c0357b71d86c7f7fb18f031145c9497db8014fd2 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Sun, 17 May 2026 15:44:31 +0000
Subject: [PATCH] fix: ruby.lang.security.dangerous-subshell.dangerous-subshell
 security vulnerability

Automated security fix generated by Orbis Security AI
---
 bindings/ruby/extsources.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bindings/ruby/extsources.rb b/bindings/ruby/extsources.rb
index 850ac9841b1..58d18878367 100644
--- a/bindings/ruby/extsources.rb
+++ b/bindings/ruby/extsources.rb
@@ -46,7 +46,7 @@
 ]
 
 EXTSOURCES =
-  `git ls-files -z #{root}`.split("\x0")
+  IO.popen(["git", "ls-files", "-z", root.to_s]).read.split("\x0")
     .collect {|file| Pathname(file)}
     .reject {|file|
       ignored_exts.include?(file.extname) ||