this post was submitted on 07 Jun 2023
[email protected] 1 points 1 year ago (1 children)

e.g. shell=True allows you to pass the command as a single string

Don't do this. As the article says, it's much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

[email protected] 2 points 1 year ago

It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.
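
An added example, not part of either comment above: the same constructed value passed through `shell=True`, through `shell=True` with `shlex.quote`, and as an argument list built with `shlex.split`. It assumes a POSIX `/bin/sh`; `UNTRUSTED`, `TEMPLATE` and the placeholder command name `tool` are made up for illustration.

```python
import shlex
import subprocess
import sys

# Constructed sample value standing in for input the program does not control.
UNTRUSTED = "report.txt; echo INJECTED"

# Trusted command template: a child Python process that prints its first argument.
CHILD = "import sys; print(sys.argv[1])"
TEMPLATE = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)}"


def _lines(cmd, **kwargs):
    """Run cmd and return its stdout as a list of lines."""
    done = subprocess.run(cmd, capture_output=True, text=True, check=True, **kwargs)
    return done.stdout.splitlines()


def shell_string(value):
    """shell=True with the value pasted into the string: /bin/sh parses the ';'."""
    return _lines(f"echo {value}", shell=True)


def shell_string_quoted(value):
    """shell=True, but the value is quoted so the shell sees a single word."""
    return _lines(f"echo {shlex.quote(value)}", shell=True)


def argv_list(value):
    """No shell: split only the trusted template, append the value as one argument."""
    return _lines(shlex.split(TEMPLATE) + [value])


def split_composed(value):
    """shlex.split on an already-composed string: no shell is involved,
    but the value is broken into several arguments. Nothing is executed here."""
    return shlex.split(f"tool {value}")  # 'tool' is a placeholder name


if __name__ == "__main__":
    for fn in (shell_string, shell_string_quoted, argv_list, split_composed):
        print(f"{fn.__name__:20} -> {fn(UNTRUSTED)}")
```

Only `shell_string` runs a second command. `split_composed` shows why splitting should happen before the variable part is added: the value stays out of the shell but still arrives as extra arguments.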