From 8d310b89ead275a80dbacf299dae4b9524240aaa Mon Sep 17 00:00:00 2001
From: Ethan Harris
Date: Thu, 27 Apr 2023 11:21:04 +0100
Subject: [PATCH] [App] Add missing python-multipart dependency (#17244)
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jirka Borovec <6035284+Borda@users.noreply.github.com>
Co-authored-by: Jirka
---
 pyproject.toml | 8 ++++++++
 requirements/app/base.txt | 1 +
 src/lightning/app/cli/lightning_cli.py | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 5dc67dd52a..e0d7aad0db 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -90,6 +90,10 @@ ignore-init-module-imports = true
 "S113", # todo: Probable use of requests call without timeout
 "S301", # todo: `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
 "S324", # todo: Probable use of insecure hash functions in `hashlib`
+ "S602", # todo: `subprocess` call with `shell=True` identified, security issue
+ "S603", # todo: `subprocess` call: check for execution of untrusted input
+ "S605", # todo: Starting a process with a shell: seems safe, but may be changed in the future; consider rewriting without `shell`
+ "S607", # todo: Starting a process with a partial executable path
 ]
 "tests/**" = [
 "S101", # Use of `assert` detected
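Review bot: Adding S602, S603, S605 and S607 to what looks like a ruff per-file ignore list switches the subprocess and shell checks off for every file the glob matches, so a new `shell=True` call fed with untrusted input would no longer be reported. The list that this first pyproject.toml hunk extends opens above the hunk, so its glob is not visible here; the second pyproject.toml hunk adds the same four codes for `"tests/**"`. The lightning_cli.py change in this commit already uses the narrower form, a per-line `# noqa: S606`, and the existing call sites could be handled the same way. If the blanket ignore has to stay for now, I would keep S602 and S605 enabled outside tests, since those two report a real shell invocation.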
@@ -98,6 +102,10 @@ ignore-init-module-imports = true
 "S113", # todo: Probable use of requests call without timeout
 "S311", # todo: Standard pseudo-random generators are not suitable for cryptographic purposes
 "S108", # todo: Probable insecure usage of temporary file or directory: "/tmp/sys-customizations-sync"
+ "S602", # todo: `subprocess` call with `shell=True` identified, security issue
+ "S603", # todo: `subprocess` call: check for execution of untrusted input
+ "S605", # todo: Starting a process with a shell: seems safe, but may be changed in the future; consider rewriting without `shell`
+ "S607", # todo: Starting a process with a partial executable path
 ]
 [tool.ruff.mccabe]
diff --git a/requirements/app/base.txt b/requirements/app/base.txt
index 740644439a..b4cc37fdfc 100644
--- a/requirements/app/base.txt
+++ b/requirements/app/base.txt
@@ -12,6 +12,7 @@ beautifulsoup4 >=4.8.0, <4.11.2
 inquirer >=2.10.0, <=3.1.3
 psutil <5.9.5
 click <=8.1.3
+python-multipart>=0.0.5, <=0.0.6
 fastapi >=0.69.0, <0.89.0 # strict; TODO: broken serializations
 starlette # https://fastapi.tiangolo.com/deployment/versions/#about-starlette
diff --git a/src/lightning/app/cli/lightning_cli.py b/src/lightning/app/cli/lightning_cli.py
index 3cbc8f2807..9aa223d66c 100644
--- a/src/lightning/app/cli/lightning_cli.py
+++ b/src/lightning/app/cli/lightning_cli.py
@@ -529,7 +529,7 @@ def ssh(app_name: Optional[str] = None, component_name: Optional[str] = None) ->
 raise click.ClickException(
 "Unable to find the ssh binary. You must install ssh first to use this functionality."
 )
- os.execv(ssh_path, ["-tt", f"{component_id}@{ssh_endpoint}"])
+ os.execv(ssh_path, ["-tt", f"{component_id}@{ssh_endpoint}"]) # noqa: S606
 @_main.group()
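Review bot: The upper bound in `python-multipart>=0.0.5, <=0.0.6` (requirements/app/base.txt) caps a parser of request bodies at one release, so later fixes, security fixes included, will not be installed until someone raises the cap by hand. A trailing comment saying why the package is needed and why it is capped would help, for example `# presumably for FastAPI form/upload parsing; cap: TODO revisit`; neighbouring entries mark deliberate pins with `# strict`. The entry also lacks the space before `>=` that the other entries use.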
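Review bot: `os.execv` takes the list as the complete argv of the new process, so on the changed line in lightning_cli.py `"-tt"` ends up as argv[0] and ssh never reads it as an option; the list should start with the program name. While the line is being touched I would also put `--` before the destination, so that a `component_id` beginning with `-` cannot be parsed as an ssh option: `os.execv(ssh_path, [ssh_path, "-tt", "--", f"{component_id}@{ssh_endpoint}"])  # noqa: S606`. Where `component_id` and `ssh_endpoint` come from is not visible here because `ssh` starts above the hunk, so how far they can be trusted needs checking in the full function; a few words after the `noqa` saying why this exec is acceptable would help the next reader.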