From 1e1f1343611086277a6e4e78985bd6ec7698e6f7 Mon Sep 17 00:00:00 2001
From: sliptonic <shopinthewoods@gmail.com>
Date: Wed, 29 Dec 2021 10:28:51 -0600
Subject: [PATCH] fix #4810

use subprocess.Popen() to avoid executing arbitrary code
---
 src/Mod/Path/PathScripts/PathSanity.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Mod/Path/PathScripts/PathSanity.py b/src/Mod/Path/PathScripts/PathSanity.py
index 4b8ee5218b..6c5e0ac3f4 100644
--- a/src/Mod/Path/PathScripts/PathSanity.py
+++ b/src/Mod/Path/PathScripts/PathSanity.py
@@ -40,6 +40,7 @@ from collections import Counter
 from datetime import datetime
 import os
 import webbrowser
+import subprocess
 
 # Qt translation handling
 
@@ -464,7 +465,9 @@ class CommandPathSanity:
             )
 
         try:
-            result = os.system("asciidoctor {} -o {}".format(reportraw, reporthtml))
+            result = subprocess.Popen(
+                "asciidoctor {} -o {}".format(reportraw, reporthtml)
+            )
             if str(result) == "32512":
                 msg = "asciidoctor not found. html cannot be generated."
                 QtGui.QMessageBox.information(None, "Path Sanity", msg)