S603: `sys.executable` flagged as untrusted input

[steovd]

Summary

Ruff treats sys.executable as untrusted input when AFAIK it is not.

subprocess.run([sys.executable, "-m", "pip", "install", "ruff"], check=True)

In Ruff 0.15.6, this gets flagged with S603 `subprocess` call: check for execution of untrusted input.

#17112 was solved by allowing string literals, so maybe another exception can be added?

[ntBre]

I think it makes sense to include this as a known exception. I think the relevant code is here:

ruff/crates/ruff_linter/src/rules/flake8_bandit/rules/shell_injection.rs

Lines 297 to 308 in f32b9bb

	/// Check if an expression is a trusted input for subprocess.run.
	/// We assume that any str, list[str] or tuple[str] literal can be trusted.
	fn is_trusted_input(arg: &Expr) -> bool {
	match arg {
	Expr::StringLiteral(_) => true,
	Expr::List(ast::ExprList { elts, .. }) | Expr::Tuple(ast::ExprTuple { elts, .. }) => {
	elts.iter().all(|elt| matches!(elt, Expr::StringLiteral(_)))
	}
	Expr::Named(named) => is_trusted_input(&named.value),
	_ => false,
	}
	}

[vivekkhimani]

@ntBre I opened a PR for this! Would love a review