this post was submitted on 07 Jun 2023
5 points (100.0% liked)

Python

3235 readers
1 users here now

News and discussions about the programming language Python

founded 5 years ago
MODERATORS
MinutePhrase@lemmy.ml
5
The Right Way to Run Shell Commands From Python | Martin Heinz (martinheinz.dev)
submitted 1 year ago by jnovinger@lemmy.ml to c/python@lemmy.ml
2 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] CosmicGiraffe@lemmy.world 4 points 1 year ago (1 children)

e.g. shell=True allows you to pass the command as a single string

Don't do this. As the article says its much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

[โ€“] perpetualmaniac@lemmy.ml 2 points 1 year ago

It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.