From 7625685c261d28a00d54dfa3b168622931b694b7 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 19 May 2026 18:19:56 +0000
Subject: [PATCH] Fix command injection via os.system

Co-authored-by: tjzegmott <20817254+tjzegmott@users.noreply.github.com>
---
 dtcli/src/functions.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dtcli/src/functions.py b/dtcli/src/functions.py
index b1129b4..5b70a1d 100644
--- a/dtcli/src/functions.py
+++ b/dtcli/src/functions.py
@@ -4,6 +4,7 @@
 import os
 import re
 import shutil
+import subprocess
 import time
 from collections import defaultdict
 from pathlib import Path
@@ -297,8 +298,8 @@ def get_files(
         if site == "canfar":
             for folder in folders:
                 os.makedirs(folder, exist_ok=True)
-                os.system(f"chgrp -R chime-frb-rw {folder}")  # nosec
-                os.system(f"chmod -R g+w {folder}")  # nosec
+                subprocess.run(["chgrp", "-R", "chime-frb-rw", folder])
+                subprocess.run(["chmod", "-R", "g+w", folder])
         else:
             for folder in folders:
                 os.makedirs(folder, exist_ok=True)