From a3ed68508bbee5965a517559f90a60ab76101e33 Mon Sep 17 00:00:00 2001
From: Daniel Mach
Date: Tue, 28 May 2024 09:04:56 +0200
Subject: [PATCH] Remove no longer valid warning from core.unpack_srcrpm()

Shell injection is not possible with Popen() which has shell=False as a default.
---
 osc/core.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/osc/core.py b/osc/core.py
index 1a3f5ab3..27d5535a 100644
--- a/osc/core.py
+++ b/osc/core.py
@@ -5181,8 +5181,6 @@ def unpack_srcrpm(srpm, dir, *files):
 with open(os.devnull, 'w') as devnull:
 rpm2cpio_proc = subprocess.Popen(['rpm2cpio'], stdin=fsrpm, stdout=subprocess.PIPE)
- # XXX: shell injection is possible via the files parameter, but the
- # current osc code does not use the files parameter.
 cpio_proc = subprocess.Popen(['cpio', '-i'] + list(files), stdin=rpm2cpio_proc.stdout, stderr=devnull)
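Review bot: Argument injection into `cpio` is still possible through `files` even though shell injection is not: in the `cpio_proc = subprocess.Popen(['cpio', '-i'] + list(files), ...)` call each element becomes its own argv entry, so a value beginning with `-` would be parsed by cpio as an option rather than as a pattern. The hunk shows no validation of `files`, and the removed comment states that current osc code does not pass it, so the issue looks latent rather than reachable from what is visible here. Instead of leaving the call uncommented, I would put a corrected note in place of the removed one, for example `# files become argv entries (no shell involved); an entry starting with '-' would be read as a cpio option`. If the cpio in use honours `--` as end-of-options, `['cpio', '-i', '--'] + list(files)` would close the gap. The body of unpack_srcrpm starts and ends outside the hunk.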