Replace os.system() with subprocess.Popen() for safer URL handling

[assisted-by-ai]

Summary

Refactored the exec_curl() function to use subprocess.Popen() instead of os.system() for improved security and reliability when executing curl commands with URLs.

Key Changes

• Security improvement: Replaced os.system() with subprocess.Popen() using a list of arguments (no shell invocation) to safely pass URLs without risk of shell interpretation
• Better error handling: Added try-except block to gracefully handle subprocess exceptions
• Cleaner return logic: Improved the return value logic by explicitly checking result.returncode == 0 instead of string matching on the return code
• Import cleanup: Removed unused os module import and added subprocess import
• Added .gitignore: Included __pycache__/ to ignore Python cache files
• Documentation: Added reviewer comments explaining the security approach and that URLs are sourced from trusted root-owned configuration files

Implementation Details

The refactored code uses subprocess.Popen() with:

• A list of arguments (['curl', '--head', c_url]) to prevent shell interpretation
• stdout=subprocess.DEVNULL and stderr=subprocess.DEVNULL to suppress output
• Explicit return code checking (result.returncode == 0) for clearer intent
• Exception handling to catch any subprocess-related errors

https://claude.ai/code/session_01JtRcMr5tVpDPo7be3GzaYU

[ArrayBolt3]

Accepted with minor tweaks in ArrayBolt3@732889d. Note however that the onion-tester script is broken and so the function that has been polished never gets called. Added a TODO in ArrayBolt3@5731137.