rundeck-plugins/docker

Docker run subprocess shell=True command is insecure

Closed this issue · 0 comments

Using shell=True could open the Rundeck node to a shell injection vulnerability.

Warning: Executing shell commands that incorporate unsanitized input from an untrusted source makes a program vulnerable to shell injection, a serious security flaw which can result in arbitrary command execution. For this reason, the use of shell=True is strongly discouraged in cases where the command string is constructed from external input.

Source: https://docs.python.org/2/library/subprocess.html#frequently-used-arguments
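The following is an added illustration of the problem the issue describes, not code from this plugin or from the issue author. It contrasts the string-plus-`shell=True` pattern with an argv-list form that never hands the arguments to `/bin/sh`, and adds a whitelist check on the image reference because the list form alone does not stop argument injection (an image name beginning with `-` would still be read by `docker` as a flag). Everything here is an assumption for the demo: `echo` stands in for `docker` so it runs offline, the image-reference regex is a conservative approximation of Docker's grammar rather than Docker's own validator, and the malicious input is constructed. Requires Python 3.7+ on a POSIX host.

```python
import re
import shlex
import subprocess

# Constructed sample inputs, shaped like an image name a job option or node
# attribute might carry. The ';' means nothing to docker but everything to /bin/sh.
MALICIOUS_IMAGE = "alpine:3.18; echo INJECTED"
BENIGN_IMAGE = "alpine:3.18"

# Assumption: a conservative approximation of Docker's image reference grammar
# (lowercase path segments, optional :tag, optional @sha256:digest). It is not
# Docker's own validator, but anything it accepts is free of shell metacharacters
# and cannot start with '-', so it cannot be mistaken for a docker flag either.
IMAGE_REF = re.compile(
    r"^(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*"
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?(?:@sha256:[0-9a-f]{64})?$"
)


def vulnerable_cmdline(binary, image, cmd):
    """The pattern the issue describes: one string, later executed with shell=True.
    Whatever is inside `image` or `cmd` is re-parsed by the shell."""
    return "%s run --rm %s %s" % (binary, image, cmd)


def safe_argv(binary, image, cmd):
    """Hardened form: reject anything that is not a plausible image reference, then
    build an argv list. With no shell in the path, metacharacters are inert."""
    if not IMAGE_REF.match(image):
        raise ValueError("invalid image reference: %r" % image)
    # shlex.split only tokenises; it does not execute anything.
    return [binary, "run", "--rm", image] + shlex.split(cmd)


def run_vulnerable(image, cmd="sh -c 'id'"):
    """Run the string form with shell=True ('echo' replaces 'docker' so this works
    offline). Each line of output is a separate command the shell ran."""
    line = vulnerable_cmdline("echo", image, cmd)
    out = subprocess.run(line, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_argv(argv):
    """Run an argv list directly: exactly one process, arguments passed verbatim."""
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_safe(image, cmd="sh -c 'id'"):
    return run_argv(safe_argv("echo", image, cmd))


if __name__ == "__main__":
    print("shell=True, benign  :", run_vulnerable(BENIGN_IMAGE))
    print("shell=True, hostile :", run_vulnerable(MALICIOUS_IMAGE))  # two commands ran
    print("argv list, hostile  :", run_argv(["echo", "run", "--rm", MALICIOUS_IMAGE]))
    try:
        run_safe(MALICIOUS_IMAGE)
    except ValueError as exc:
        print("validated argv, hostile:", exc)
```

With `shell=True` the hostile image name yields two output lines because `/bin/sh` split the string at `;` and ran `echo INJECTED ...` as a second command; the same string passed as a single argv element comes back as one line, verbatim, and the validated path refuses it outright. In the plugin the fix is the same shape: keep `docker` as `argv[0]`, append each option and the image as separate list elements, and drop `shell=True`.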