
fix: avoid shell in BIOS hardware probe#4206

Merged
Scottcjn merged 1 commit into Scottcjn:main from bolasse1234:codex/harden-bios-pawpaw-subprocess
May 10, 2026

Conversation

@bolasse1234
Contributor

@bolasse1234 bolasse1234 commented May 10, 2026

Summary:

  • replace the fixed wmic and dmidecode shell commands with argv-based subprocess calls
  • add a 10 second timeout so the hardware probe cannot hang indefinitely
  • keep the existing BIOS date parsing behavior, with a small fix for normal WMIC timestamps that include fractional/timezone suffixes
  • add regression tests for the Windows path, Linux path, and command failure case

Security note:

  • Severity: Low
  • Scope: one local hardware-detection helper, one matching test file
  • The old code passed static commands through a shell even though shell parsing was not needed. The patch keeps the same commands but calls them as argument lists.

Verification:

  • python -m pytest tests\test_bios_pawpaw_detector.py
  • Live-node testing is not applicable here; this code only probes local BIOS metadata. The tests cover the changed subprocess calls directly.

Bounty note:
If this is accepted for the bounty loop, please use my GitHub-login miner_id for payout. I am not posting payment details publicly.

@github-actions
Contributor

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Your PR has a BCOS-L1 or BCOS-L2 label
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

github-actions bot added the labels size/M (PR: 51-200 lines), BCOS-L1 (Beacon Certified Open Source tier BCOS-L1, required for non-doc PRs) and tests (Test suite changes) on May 10, 2026
Contributor

@cerredz cerredz left a comment


BIOS hardware probe review.

I verified the PR locally. The changed calls now use argv lists instead of shell strings, and the tests assert the Windows and Linux subprocess arguments directly. The 10-second timeout is also a useful guard against a local hardware probe hanging indefinitely.

Validation performed:

  • python -m pytest tests\test_bios_pawpaw_detector.py -q => 3 passed
  • python -m py_compile tools\bios_pawpaw_detector.py tests\test_bios_pawpaw_detector.py
  • git diff --check origin/main...HEAD

Residual note, not a blocker for this scoped patch: get_bios_date() still catches all exceptions with a bare except, so future cleanup could narrow that to the expected subprocess/date parsing failures. The current PR does not introduce that pattern.

No blocking findings from my review.
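As an added illustration (not code from the RustChain repository), the pattern this PR and the review above describe: argv-based subprocess calls with a timeout, WMIC timestamp parsing that tolerates the fractional/timezone suffix, and the narrowed exception handling the review suggests instead of a bare except. The exact `wmic`/`dmidecode` argument lists, their output formats and the injectable `run` parameter are assumptions made for this example.

```python
"""Example BIOS release-date probe: no shell, bounded by a timeout, narrow error handling."""
import subprocess
import sys
from datetime import date, datetime

PROBE_TIMEOUT_S = 10  # as in the PR: the probe cannot hang indefinitely

# Assumed commands (not taken from the project). Each is an argv list, so no
# shell ever parses it: there is no quoting, globbing or metacharacter handling.
WINDOWS_PROBE = ["wmic", "bios", "get", "releasedate"]
LINUX_PROBE = ["dmidecode", "-s", "bios-release-date"]


def parse_wmic_timestamp(raw: str) -> date:
    """Parse a WMI CIM_DATETIME such as '20240115000000.000000+000'.

    Only the leading YYYYMMDD matters; the fractional seconds and the
    '+mmm' UTC-offset suffix are ignored (the small parsing fix the PR notes).
    """
    digits = raw.strip()[:8]
    if len(digits) != 8 or not digits.isdigit():
        raise ValueError(f"unexpected WMIC timestamp: {raw!r}")
    return datetime.strptime(digits, "%Y%m%d").date()


def parse_wmic_output(stdout: str) -> date:
    """WMIC prints a header line ('ReleaseDate') then the value; take the last non-blank line."""
    lines = [ln for ln in stdout.splitlines() if ln.strip()]
    return parse_wmic_timestamp(lines[-1])


def parse_dmidecode_date(stdout: str) -> date:
    """dmidecode prints the SMBIOS release date as MM/DD/YYYY (assumed format)."""
    return datetime.strptime(stdout.strip(), "%m/%d/%Y").date()


def get_bios_date(run=subprocess.run, platform=sys.platform):
    """Return the BIOS release date, or None if the probe fails.

    `run` is injectable so tests can substitute a fake subprocess.run and
    assert on the argv/timeout passed, mirroring the PR's regression tests.
    """
    if platform.startswith("win"):
        argv, parse = WINDOWS_PROBE, parse_wmic_output
    else:
        argv, parse = LINUX_PROBE, parse_dmidecode_date
    try:
        result = run(argv, capture_output=True, text=True, timeout=PROBE_TIMEOUT_S, check=True)
        return parse(result.stdout)
    except (OSError, subprocess.SubprocessError, ValueError, IndexError):
        # Narrowed from a bare except: missing binary, non-zero exit, timeout or
        # unparseable output yield None; any unrelated error still propagates.
        return None
```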

@Scottcjn
Owner

💰 PAID — 5 RTC pending, will confirm in 24h.

  • tx hash: da376a26d5c4a05556b43108dd095e6c
  • Pending ID: 1408

What worked

Welcome @bolasse1234! Removes unnecessary shell use from BIOS probing — careful hardening with sensible parser tests. Solid low-severity work.

— auto-triage 2026-05-10

@Scottcjn Scottcjn merged commit 8c0f84f into Scottcjn:main May 10, 2026
3 checks passed