From faa6f227c3edd31f7070a9a3ebbb75dccb1bc9d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jason=20=5B=EC=A0=9C=EC=9D=B4=EC=8A=A8=20=EC=A0=9C?=
 =?UTF-8?q?=EB=A1=AC=5D?= <20238115+DuckBoss@users.noreply.github.com>
Date: Sun, 7 Jun 2020 18:00:36 -0400
Subject: [PATCH] Updated security with auto_updater plugin

---
 JJMumbleBot/plugins/core/auto_updater/auto_updater.py        | 2 +-
 .../plugins/core/auto_updater/utility/auto_updater_helper.py | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/JJMumbleBot/plugins/core/auto_updater/auto_updater.py b/JJMumbleBot/plugins/core/auto_updater/auto_updater.py
index 5e628590..ee4b726f 100644
--- a/JJMumbleBot/plugins/core/auto_updater/auto_updater.py
+++ b/JJMumbleBot/plugins/core/auto_updater/auto_updater.py
@@ -37,7 +37,7 @@ def process(self, text):
                 return
             res = update_utils.update_available(message_parse[1])
             if res is True:
-                updated_version = update_utils.check_and_update(message_parse[1], self.metadata[C_PLUGIN_SET][P_PIP_CMD])
+                updated_version = update_utils.check_and_update(message_parse[1], pip_cmd=self.metadata[C_PLUGIN_SET][P_PIP_CMD])
                 if updated_version:
                     GS.gui_service.quick_gui(f"Dependency: [{message_parse[1]}] has been updated to v{updated_version}",
                                              text_type='header', box_align='left', ignore_whisper=True)
diff --git a/JJMumbleBot/plugins/core/auto_updater/utility/auto_updater_helper.py b/JJMumbleBot/plugins/core/auto_updater/utility/auto_updater_helper.py
index 81a3184a..42cbb787 100644
--- a/JJMumbleBot/plugins/core/auto_updater/utility/auto_updater_helper.py
+++ b/JJMumbleBot/plugins/core/auto_updater/utility/auto_updater_helper.py
@@ -3,6 +3,7 @@
 from requests import get
 from subprocess import call
 import pkg_resources
+import sys
 
 
 def check_pypi_version(package_name):
@@ -14,9 +15,7 @@ def check_pypi_version(package_name):
 
 
 def update_package(package_name, pip_cmd):
-    cmd = f'{pip_cmd}'
-    param = f'install --upgrade {package_name}'
-    if call([cmd, param]) == 0:
+    if call([sys.executable, '-m', pip_cmd, 'install', '--upgrade', package_name]) == 0:
         return True
     return False