Security fix subprocess

Removed shell=True from subprocess, and correctly switch commands to lists.

.gitignore

@@ -124,3 +124,7 @@ dmypy.json
 .pyre/
 
 TODO
+
+toBinary
+
+binary/

mediainfosama/__main__.py

@@ -0,0 +1,2 @@
+if __name__ == "__main__":
+    import main

mediainfosama/file_cmds.py

@@ -1,5 +1,4 @@
-import os, subprocess, json
+import os, subprocess
-from shlex import quote
 
 class FileCmds:
     def __init__(self, file_path):
@@ -19,7 +18,7 @@ class FileCmds:
         :type cmd: str
         :return: str   
         '''
-        process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
+        process = subprocess.Popen(cmd, stdout=subprocess.PIPE)
         output, error = process.communicate()
         return output
 
@@ -44,7 +43,7 @@ class FileCmds:
         :type inform: str
         :rtype: str   
         '''
-        bash_command = f"mediainfo --Inform={quote(inform)} {quote(self.file_path)}"
+        bash_command = ["mediainfo", f"--Inform={inform}", self.file_path]
         output = self.execute_bash(bash_command).decode('utf-8')
         return output
 
@@ -105,7 +104,7 @@ class FileCmds:
             output += "M: Menu\n\n"
 
         output += "\n"
-        output += self.execute_bash(f"mediainfo {quote(self.file_path)}").decode('utf-8')
+        output += self.execute_bash(["mediainfo", self.file_path]).decode('utf-8')
         return(output)
 
 
@@ -115,7 +114,7 @@ class FileCmds:
 
         :rtype: string
         '''
-        output = self.execute_bash(f"mediainfo --Full {quote(self.file_path)}").decode('utf-8')
+        output = self.execute_bash(["mediainfo", "--Full", self.file_path]).decode('utf-8')
         return output