From ebf9c109ed8103781609ed0084f692d29300f13f Mon Sep 17 00:00:00 2001
From: Simon Fayer <sf105@ic.ac.uk>
Date: Tue, 9 Jun 2026 09:00:55 +0100
Subject: [PATCH] fix: Check all remaining subprocess-with-shell calls

---
 src/DIRAC/Core/Utilities/Subprocess.py                          | 2 +-
 src/DIRAC/FrameworkSystem/Service/SystemAdministratorHandler.py | 2 +-
 src/DIRAC/WorkloadManagementSystem/JobWrapper/JobWrapper.py     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/DIRAC/Core/Utilities/Subprocess.py b/src/DIRAC/Core/Utilities/Subprocess.py
index 434e99c0bc3..a87181c77ab 100644
--- a/src/DIRAC/Core/Utilities/Subprocess.py
+++ b/src/DIRAC/Core/Utilities/Subprocess.py
@@ -592,7 +592,7 @@ def shellCall(timeout, cmdSeq, callbackFunction=None, env=None, bufferLimit=5242
         result = shCall(timeout + 1)
     else:
         spObject = Subprocess(timeout, bufferLimit=bufferLimit)
-        result = spObject.systemCall(cmdSeq, callbackFunction=callbackFunction, env=env, shell=True)
+        result = spObject.systemCall(cmdSeq, callbackFunction=callbackFunction, env=env, shell=True)  #  nosec: B604
     return result
 
 
diff --git a/src/DIRAC/FrameworkSystem/Service/SystemAdministratorHandler.py b/src/DIRAC/FrameworkSystem/Service/SystemAdministratorHandler.py
index b1aca4079e4..beda313abdc 100644
--- a/src/DIRAC/FrameworkSystem/Service/SystemAdministratorHandler.py
+++ b/src/DIRAC/FrameworkSystem/Service/SystemAdministratorHandler.py
@@ -599,7 +599,7 @@ def __readHostInfo():
 
         # Disk occupancy
         summary = ""
-        _status, output = subprocess.getstatusoutput("df")
+        _status, output = subprocess.getstatusoutput("df")  # nosec: B605
         lines = output.split("\n")
         for i in range(len(lines)):
             if lines[i].startswith("/dev"):
diff --git a/src/DIRAC/WorkloadManagementSystem/JobWrapper/JobWrapper.py b/src/DIRAC/WorkloadManagementSystem/JobWrapper/JobWrapper.py
index 23ef2c38a7f..43e72f91738 100755
--- a/src/DIRAC/WorkloadManagementSystem/JobWrapper/JobWrapper.py
+++ b/src/DIRAC/WorkloadManagementSystem/JobWrapper/JobWrapper.py
@@ -1604,7 +1604,7 @@ def run(self):
         log.verbose("Cmd called", self.cmd)
         output = self.spObject.systemCall(
             self.cmd, env=self.exeEnv, callbackFunction=self.sendOutput, shell=True, start_new_session=True
-        )
+        )  # nosec: B604
         log.verbose(f"Output of system call within execution thread: {output}")
         self.executionResults["Thread"] = output
         timing = time.time() - start