submitted 2 years ago by [email protected] to c/[email protected]
[-] [email protected] 2 points 2 years ago

e.g. shell=True allows you to pass the command as a single string

Don't do this. As the article says, it's much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

[-] [email protected] 2 points 2 years ago

It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.
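
Added example, not part of either comment or the linked article: the same command run with `shell=True`, as an argument list built with `shlex`, and with `shlex.quote`, on trusted and untrusted input. The `echo` command, the function names and the sample input are assumptions made for illustration, and a POSIX system is assumed.

```python
import shlex
import subprocess

# Constructed sample of untrusted input (not taken from the thread).
UNTRUSTED = "report.txt; echo INJECTED"


def run_with_shell(filename: str) -> list[str]:
    """Risky form: /bin/sh parses the whole string, so ';' starts a second command."""
    done = subprocess.run(f"echo listing {filename}", shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_with_argv(filename: str) -> list[str]:
    """Safer form: split only the fixed template, then append the input as one argument."""
    argv = shlex.split("echo listing") + [filename]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_with_quoted_shell(filename: str) -> list[str]:
    """When a shell is really needed (pipes, globs), quote each untrusted piece."""
    done = subprocess.run(f"echo listing {shlex.quote(filename)}", shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def split_after_interpolation(filename: str) -> list[str]:
    """Caveat: shlex.split on an already-interpolated string avoids the shell,
    but the input can still turn into several separate arguments."""
    return shlex.split(f"echo listing {filename}")


if __name__ == "__main__":
    for fn in (run_with_shell, run_with_argv,
               run_with_quoted_shell, split_after_interpolation):
        print(f"{fn.__name__:26} -> {fn(UNTRUSTED)}")
```

With a fixed string such as `notes.txt` all three runners behave identically; they diverge only once the interpolated value contains shell metacharacters.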

this post was submitted on 07 Jun 2023