Without this patch, subprocess fails to find .CMD scripts on Windows,
even though these are executables and should be treated as such
according to the PATHEXT environment variable.
Many people "work around" this issue on Windows with subprocess's
shell=True argument, but this comes with a risk of shell injection
vulnerabilities.
Another solution is to explicitly add ".CMD" to the end of some
commands on Windows, but this breaks portability and requires "if
windows" to be scattered around a codebase. We previously took this
approach in Shaka Player.
This monkeypatch allows the caller of subprocess to stop worrying
about Windows nuances and to go back to the security best practice of
shell=False. Any .CMD script that would be found by the Windows shell
will now be found by subprocess. And because we're using the standard
Windows PATHEXT environment variable, this can be extended to other
types of executable scripts, as well.
This monkeypatch can be used in any Python project that has this
issue, and merely has to be imported to function. It has been
verified in Python 3.8, both in the Cygwin version and in the native
Windows version of Python.
Change-Id: I37bb522fbf5f058431a209c73508bd225052999a
Joey Parrish