From 739723bdd24ae74eb446fd66d980854d91fa3582 Mon Sep 17 00:00:00 2001
From: Giacomo Bertolazzi <31776951+Berack96@users.noreply.github.com>
Date: Sun, 26 Oct 2025 16:26:11 +0100
Subject: [PATCH] cmd  fix

Fix for security vulnerability

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 src/app/api/social/x.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/app/api/social/x.py b/src/app/api/social/x.py
index c14f5b6..30d93c0 100644
--- a/src/app/api/social/x.py
+++ b/src/app/api/social/x.py
@@ -32,8 +32,8 @@ class XWrapper(SocialWrapper):
         posts: list[SocialPost] = []
 
         for user in X_USERS:
-            cmd = f"rettiwt -k {self.api_key} tweet search {limit} -f {str(user)}"
-            process = subprocess.run(cmd, capture_output=True, shell=True)
+            cmd = ['rettiwt', '-k', self.api_key, 'tweet', 'search', str(limit), '-f', str(user)]
+            process = subprocess.run(cmd, capture_output=True)
             results = process.stdout.decode()
             json_result = json.loads(results)