[Senate] Fix command injection in bridge.py file listing with safe subprocess

[Senate] Fix command injection in bridge.py file listing with safe subprocess

ID: ac50dffd-895 Priority: 92 Type: one_shot Status: open

Goal

Critical (C-4): bridge.py:17 uses shell=True with f-string for find command. Replace with list-based subprocess call to prevent command injection. See security_audit_2026-04-02.md for safe implementation example.

Acceptance Criteria

Work Log

2026-04-20 19:01 PDT — Slot 43

• Re-evaluated current main/worktree state: root bridge.py is now a compatibility entrypoint and maintained implementation lives in scripts/bridge.py.
• Confirmed the prior vulnerable shell=True f-string is not present; /files already used list-based subprocess.run.
• Refactored the file listing command into FILE_FIND_COMMAND and list_bridge_files() so the safe argument-vector behavior is explicit and testable.
• Added a regression test that monkeypatches subprocess.run and verifies /files uses a list argument vector with no shell keyword.
• Tests: pytest tests/test_bridge_path_validation.py.