From 4ba6e699b48479833b603f7fe55b359d92cfa8d9 Mon Sep 17 00:00:00 2001
From: Yabets Mebratu
Date: Sun, 31 May 2026 10:36:12 -0700
Subject: [PATCH] fix: patch CWE-78 in console_io.py with CALUS kill-chain context
---
 fire/console/console_io.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fire/console/console_io.py b/fire/console/console_io.py
index ec0858d9..413e3eb9 100644
--- a/fire/console/console_io.py
+++ b/fire/console/console_io.py
@@ -16,6 +16,7 @@
 """General console printing utilities used by the Cloud SDK."""
 import os
+import shlex
 import signal
 import subprocess
 import sys
@@ -97,7 +98,7 @@ def More(contents, out, prompt=None, check_pager=True):
 # Ignore SIGINT while the pager is running.
 # We don't want to terminate the parent while the child is still alive.
 signal.signal(signal.SIGINT, signal.SIG_IGN)
- p = subprocess.Popen(pager, stdin=subprocess.PIPE, shell=True)
+ p = subprocess.Popen(shlex.split(pager), stdin=subprocess.PIPE)
 enc = console_attr.GetConsoleAttr().GetEncoding()
 p.communicate(input=contents.encode(enc))
 p.wait()
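Review bot: The new `subprocess.Popen(shlex.split(pager), stdin=subprocess.PIPE)` call can raise where the `shell=True` form did not (`shlex.split` raises `ValueError` on unbalanced quotes, and `Popen` raises `FileNotFoundError` when the first token is not an executable), and it sits directly after `signal.signal(signal.SIGINT, signal.SIG_IGN)`, so an exception there would leave the parent ignoring Ctrl-C unless code outside this hunk restores the handler in a `finally`. I would parse first with `pager_argv = shlex.split(pager)` above the `signal.signal` line, pass `pager_argv` to `Popen`, and catch `(ValueError, OSError)` so a bad pager setting is reported cleanly rather than as a traceback. A comment above the call should record two limits of the fix: pager strings that rely on shell syntax (pipes, `$VAR` expansion) stop working, and whoever controls the `pager` value still chooses which binary runs, so the change removes shell metacharacter interpretation rather than the whole CWE-78 exposure. `shlex.split` also applies POSIX quoting rules, so a Windows path containing backslashes would be mangled if this branch is reachable on that platform. The body of `More` starts and ends outside the hunk, so where `pager` comes from and where the SIGINT handler is restored are inferred rather than visible.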