From 7a1b69e6d6f5a445d4456bb619b523452dcefebd Mon Sep 17 00:00:00 2001
From: manav363 <manavgarg2326@gmail.com>
Date: Fri, 2 Jan 2026 15:51:02 +0530
Subject: [PATCH] Fix security issues detected by contrib

---
 scripts/playwright/cookie_param_models/image01.py | 3 ++-
 scripts/playwright/header_param_models/image01.py | 3 ++-
 scripts/playwright/query_param_models/image01.py  | 3 ++-
 scripts/playwright/sql_databases/image01.py       | 1 +
 scripts/playwright/sql_databases/image02.py       | 1 +
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/scripts/playwright/cookie_param_models/image01.py b/scripts/playwright/cookie_param_models/image01.py
index 77c91bfe22..aaefdb8c75 100644
--- a/scripts/playwright/cookie_param_models/image01.py
+++ b/scripts/playwright/cookie_param_models/image01.py
@@ -24,7 +24,8 @@ def run(playwright: Playwright) -> None:
 
 
 process = subprocess.Popen(
-    ["fastapi", "run", "docs_src/cookie_param_models/tutorial001.py"]
+    ["fastapi", "run", "docs_src/cookie_param_models/tutorial001.py"],
+    shell=False
 )
 try:
     for _ in range(3):
diff --git a/scripts/playwright/header_param_models/image01.py b/scripts/playwright/header_param_models/image01.py
index 53914251ed..57680c26d4 100644
--- a/scripts/playwright/header_param_models/image01.py
+++ b/scripts/playwright/header_param_models/image01.py
@@ -23,7 +23,8 @@ def run(playwright: Playwright) -> None:
 
 
 process = subprocess.Popen(
-    ["fastapi", "run", "docs_src/header_param_models/tutorial001.py"]
+    ["fastapi", "run", "docs_src/header_param_models/tutorial001.py"],
+    shell=False
 )
 try:
     for _ in range(3):
diff --git a/scripts/playwright/query_param_models/image01.py b/scripts/playwright/query_param_models/image01.py
index 0ea1d0df4e..c3749c42a8 100644
--- a/scripts/playwright/query_param_models/image01.py
+++ b/scripts/playwright/query_param_models/image01.py
@@ -26,7 +26,8 @@ def run(playwright: Playwright) -> None:
 
 
 process = subprocess.Popen(
-    ["fastapi", "run", "docs_src/query_param_models/tutorial001.py"]
+    ["fastapi", "run", "docs_src/query_param_models/tutorial001.py"],
+    shell=False
 )
 try:
     for _ in range(3):
diff --git a/scripts/playwright/sql_databases/image01.py b/scripts/playwright/sql_databases/image01.py
index 0dd6f25145..d2fb310857 100644
--- a/scripts/playwright/sql_databases/image01.py
+++ b/scripts/playwright/sql_databases/image01.py
@@ -23,6 +23,7 @@ def run(playwright: Playwright) -> None:
 
 process = subprocess.Popen(
     ["fastapi", "run", "docs_src/sql_databases/tutorial001.py"],
+    shell=False
 )
 try:
     for _ in range(3):
diff --git a/scripts/playwright/sql_databases/image02.py b/scripts/playwright/sql_databases/image02.py
index 6c4f685e86..e5994c5076 100644
--- a/scripts/playwright/sql_databases/image02.py
+++ b/scripts/playwright/sql_databases/image02.py
@@ -23,6 +23,7 @@ def run(playwright: Playwright) -> None:
 
 process = subprocess.Popen(
     ["fastapi", "run", "docs_src/sql_databases/tutorial002.py"],
+    shell=False
 )
 try:
     for _ in range(3):