I just started using CodeWhisperer out of curiosity. And I saw that it had a security scan feature, and I ran it and saw a few issues in one of my projects. All of them were pointing to multiple instances of me using os.system("cls") and os.startfile(file).
And I understood that it could be insecure to use os.system as it would be vulnerable to a command injection attack, so I replaced it with subprocess.call(["cmd", "/c", "cls"]).
Now I am seeing a new issue that says "subprocess module API is outdated". Can someone help me understand this, because I am not able to find any release notice or documentation stating that the subprocess module is outdated.
Also, is os.startfile insecure? And if so, what's a better and more secure alternative?
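
An added example, not part of the original post, showing one way to handle the two calls in the question: a fixed argument list for clearing the screen, and path validation before os.startfile, which opens a file with whatever handler Windows has registered for its extension. The helper names, the extension allowlist and the base-directory rule are assumptions made for illustration.

```python
import os
import subprocess
import tempfile
from pathlib import Path

# Assumption: only these document types should ever be opened by the app.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".csv", ".png"}

def clear_screen() -> None:
    """Clear the console without building a shell command string."""
    if os.name == "nt":
        # Fixed argument list, no user input, shell=False by default.
        subprocess.run(["cmd", "/c", "cls"], check=False)
    else:
        print("\033[2J\033[H", end="", flush=True)  # ANSI erase + cursor home

def validate_for_open(candidate: str, base_dir: str) -> Path:
    """Return the resolved path if it is safe to hand to os.startfile."""
    base = Path(base_dir).resolve()
    path = (base / candidate).resolve()
    # Reject ../ traversal and absolute paths that escape base_dir.
    if base not in path.parents:
        raise ValueError(f"outside allowed directory: {candidate!r}")
    if not path.is_file():
        raise ValueError(f"not an existing regular file: {candidate!r}")
    # os.startfile runs the handler registered for the extension, so a
    # .bat or .exe would be executed; allow only known document types.
    if path.suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {path.suffix!r}")
    return path

def open_document(candidate: str, base_dir: str) -> Path:
    path = validate_for_open(candidate, base_dir)
    if os.name == "nt":
        os.startfile(str(path))  # Windows only
    return path

def demo() -> list:
    """Constructed sample inputs: one document, one script, one traversal."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "report.txt").write_text("hello")
        (Path(d) / "run.bat").write_text("echo hi")
        for name in ("report.txt", "run.bat", "../report.txt"):
            try:
                validate_for_open(name, d)
                results.append((name, "ok"))
            except ValueError:
                results.append((name, "rejected"))
    return results
```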