Allow arbitrary arguments to be bassed through the pip module

[Akm0d]

What does this PR do?

Port #52327 to master

[dwoz]

Seems like we need to validate that we are not introducing the potential for a shell escape here

[Akm0d]

Seems like we need to validate that we are not introducing the potential for a shell escape here

The python documentation on subprocess has this to say:

Unlike some other popen functions, this implementation will never implicitly call a system shell. This means that all characters, including shell metacharacters, can safely be passed to child processes. If the shell is invoked explicitly, via shell=True, it is the application’s responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities.

When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands.

Perhaps it would be good to wrap all options in shlex.quote() before appending them to the pip command

[Akm0d]

Actually, this is already handled in cmdmod.py which is where the pip command is ultimately handed to:

if python_shell is not True and not salt.utils.platform.is_windows() and not isinstance(cmd, list):
        cmd = salt.utils.args.shlex_split(cmd)