Methods that do actual shell-exec stuff should be annotated as SHELL_EXEC, methods that escape stuff should be annotated as such, etc. The existing annotations should be left in place for older versions of MediaWiki.
|Open||None||T252745 Sandbox/limit child processes within a container runtime|
|Open||tstarling||T260330 RFC: PHP microservice for containerized shell execution|
|Resolved||Daimona||T273965 Add taintedness data for new methods in Shellbox|