Is there any way to fix the command injection solely in the Makefile?
If Bash is used as the SHELL for make[0], then it might be possible with the ${parameter@Q} parameter expansion[1]?
I would still rather resort to Python's shlex.quote[2] on the Python side of things tbh.
[0]: https://stackoverflow.com/questions/589276/how-can-i-use-bas...
[1]: https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.... (at the end of the chapter)
[2]: https://docs.python.org/3/library/shlex.html#shlex.quote
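
An added example, not code from the thread, illustrating the shlex.quote approach suggested in the comment above. It assumes the Python program passes the value to make as a variable that a recipe interpolates into a shell line; `RECIPE`, `make_arg`, `after_make_expansion` and `run_recipe` are hypothetical names, and make's own expansion is modeled only by its `$$` to `$` rule.

```python
import shlex
import subprocess

# Hypothetical recipe line: stands in for what make hands to the shell
# once it has substituted $(NAME) into the recipe text.
RECIPE = "printf '%s\\n' {name}"


def make_arg(value: str) -> str:
    """Quote for the shell, then double '$' so make does not expand it."""
    # shlex.quote only knows about the shell; make expands '$' first.
    return shlex.quote(value).replace("$", "$$")


def after_make_expansion(text: str) -> str:
    """Model the single make rule relied on here: '$$' becomes '$'."""
    return text.replace("$$", "$")


def run_recipe(name_text: str) -> list[str]:
    """Run the recipe the way make does: one line passed to `sh -c`."""
    line = RECIPE.format(name=name_text)
    out = subprocess.run(["sh", "-c", line], capture_output=True,
                         text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    hostile = "report; echo INJECTED"  # constructed sample input
    # Unquoted: the ';' ends printf and the rest runs as a second command.
    print("unquoted:", run_recipe(hostile))
    # Quoted: the whole value reaches printf as one literal word.
    quoted = make_arg(hostile)
    print("quoted  :", run_recipe(after_make_expansion(quoted)))
```
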