Skip to content

[DO NOT MERGE] Test#45741

Open
saanikaguptamicrosoft wants to merge 1 commit intoAzure:mainfrom
saanikaguptamicrosoft:saanika/hello
Open

[DO NOT MERGE] Test#45741
saanikaguptamicrosoft wants to merge 1 commit intoAzure:mainfrom
saanikaguptamicrosoft:saanika/hello

Conversation

@saanikaguptamicrosoft
Copy link
Contributor

@saanikaguptamicrosoft saanikaguptamicrosoft commented Mar 17, 2026

Description

Please add an informative description that covers that changes made by the pull request and link all relevant issues.

If an SDK is being regenerated based on a new API spec, a link to the pull request containing these API spec changes should be included above.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

Copilot AI review requested due to automatic review settings March 17, 2026 07:58
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modifies commandline_utility.py to avoid shell injection risks by using shell=False with argv form on non-Windows platforms, and subprocess.list2cmdline with shell=True on Windows. It also adds unit tests for the run_cli_command function.

Changes:

  • Replaces shell=True with platform-aware subprocess invocation to mitigate shell injection
  • Adds a proper unit test file for run_cli_command
  • Accidentally embeds test functions and a unittest.mock import in production code

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py Platform-aware shell handling; unfortunately also adds test code and unittest.mock import to production
sdk/ml/azure-ai-ml/tests/local_endpoint/unittests/test_commandline_utility.py New unit tests covering stderr redirection, shell metacharacters, JSON parsing, and error propagation

sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
import subprocess
import sys
import time
from unittest import mock
sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
Comment on lines +126 to +173
def _test_run_cli_command_stderr_to_stdout_true():
"""Internal test to validate subprocess arguments when stderr_to_stdout is True."""
cmd = ["echo", "hello"]
custom_env = {"FOO": "BAR"}
with mock.patch("subprocess.check_output") as check_output_mock:
check_output_mock.return_value = b""
run_cli_command(
cmd_arguments=cmd,
custom_environment=custom_env,
return_json=False,
timeout=None,
do_not_print=True,
stderr_to_stdout=True,
)
# Verify argv (first positional argument) is passed through unchanged.
assert check_output_mock.call_args is not None
called_args, called_kwargs = check_output_mock.call_args
assert called_args[0] == cmd
# Verify shell and stderr behavior.
assert called_kwargs.get("shell") is False
assert called_kwargs.get("stderr") is subprocess.STDOUT
# Verify environment is forwarded.
assert called_kwargs.get("env") == custom_env


def _test_run_cli_command_stderr_to_stdout_false():
"""Internal test to validate subprocess arguments when stderr_to_stdout is False."""
cmd = ["echo", "hello"]
custom_env = {"FOO": "BAR"}
with mock.patch("subprocess.check_output") as check_output_mock:
check_output_mock.return_value = b""
run_cli_command(
cmd_arguments=cmd,
custom_environment=custom_env,
return_json=False,
timeout=None,
do_not_print=True,
stderr_to_stdout=False,
)
# Verify argv (first positional argument) is passed through unchanged.
assert check_output_mock.call_args is not None
called_args, called_kwargs = check_output_mock.call_args
assert called_args[0] == cmd
# Verify shell behavior and absence of stderr redirection.
assert called_kwargs.get("shell") is False
assert "stderr" not in called_kwargs
# Verify environment is forwarded.
assert called_kwargs.get("env") == custom_env
sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
Comment on lines +124 to +173


def _test_run_cli_command_stderr_to_stdout_true():
"""Internal test to validate subprocess arguments when stderr_to_stdout is True."""
cmd = ["echo", "hello"]
custom_env = {"FOO": "BAR"}
with mock.patch("subprocess.check_output") as check_output_mock:
check_output_mock.return_value = b""
run_cli_command(
cmd_arguments=cmd,
custom_environment=custom_env,
return_json=False,
timeout=None,
do_not_print=True,
stderr_to_stdout=True,
)
# Verify argv (first positional argument) is passed through unchanged.
assert check_output_mock.call_args is not None
called_args, called_kwargs = check_output_mock.call_args
assert called_args[0] == cmd
# Verify shell and stderr behavior.
assert called_kwargs.get("shell") is False
assert called_kwargs.get("stderr") is subprocess.STDOUT
# Verify environment is forwarded.
assert called_kwargs.get("env") == custom_env


def _test_run_cli_command_stderr_to_stdout_false():
"""Internal test to validate subprocess arguments when stderr_to_stdout is False."""
cmd = ["echo", "hello"]
custom_env = {"FOO": "BAR"}
with mock.patch("subprocess.check_output") as check_output_mock:
check_output_mock.return_value = b""
run_cli_command(
cmd_arguments=cmd,
custom_environment=custom_env,
return_json=False,
timeout=None,
do_not_print=True,
stderr_to_stdout=False,
)
# Verify argv (first positional argument) is passed through unchanged.
assert check_output_mock.call_args is not None
called_args, called_kwargs = check_output_mock.call_args
assert called_args[0] == cmd
# Verify shell behavior and absence of stderr redirection.
assert called_kwargs.get("shell") is False
assert "stderr" not in called_kwargs
# Verify environment is forwarded.
assert called_kwargs.get("env") == custom_env
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@achauhan-scc achauhan-scc Awaiting requested review from achauhan-scc achauhan-scc is a code owner

@arunsu arunsu Awaiting requested review from arunsu arunsu is a code owner

@jayesh-tanna jayesh-tanna Awaiting requested review from jayesh-tanna jayesh-tanna is a code owner

@JustinFirsching JustinFirsching Awaiting requested review from JustinFirsching JustinFirsching is a code owner

@kingernupur kingernupur Awaiting requested review from kingernupur kingernupur is a code owner

@nick863 nick863 Awaiting requested review from nick863 nick863 is a code owner

@NonStatic2014 NonStatic2014 Awaiting requested review from NonStatic2014 NonStatic2014 is a code owner

@novaturient95 novaturient95 Awaiting requested review from novaturient95 novaturient95 is a code owner

@raduk raduk Awaiting requested review from raduk raduk is a code owner

@rtanase rtanase Awaiting requested review from rtanase rtanase is a code owner

@sharma-riti sharma-riti Awaiting requested review from sharma-riti sharma-riti is a code owner

@vivram vivram Awaiting requested review from vivram vivram is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Machine Learning

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@saanikaguptamicrosoft