fix(docs_build_examples): enhance security and error handling in command execution and cleanup functions

Author: JakubAndrysek

.github/scripts/docs_build_examples.py

@@ -72,6 +72,14 @@
 
 def run_cmd(cmd, check=True, capture_output=False, text=True):
     """Execute a shell command with error handling."""
+    # Security: Ensure cmd is always a list to prevent command injection
+    if isinstance(cmd, str):
+        raise ValueError("cmd must be a list, not a string, to prevent command injection")
+    if not isinstance(cmd, list) or not cmd:
+        raise ValueError("cmd must be a non-empty list")
+    # Validate all elements are strings
+    if not all(isinstance(arg, str) for arg in cmd):
+        raise ValueError("All cmd arguments must be strings")
     try:
         return subprocess.run(
             cmd, check=check, capture_output=capture_output, text=text
@@ -260,8 +268,8 @@ def cleanup_binaries():
         if not os.listdir(root):
             try:
                 os.rmdir(root)
-            except Exception:
-                pass
+            except Exception as e:
+                print(f"WARNING: Failed to remove empty directory {root}: {e}")
     print("Cleanup completed")
 
 
@@ -284,7 +292,8 @@ def find_examples_with_upload_binary():
                 data = yaml.safe_load(ci_yml.read_text())
                 if "upload-binary" in data and data["upload-binary"]:
                     res.append(str(ino))
-            except Exception:
+            except Exception as e:
+                print(f"WARNING: Failed to parse ci.yml for {ci_yml}: {e}")
                 continue
     return res