e.g. shell=True allows you to pass the command as a single string
Don't do this. As the article says, it's much better to split the string using shlex
and avoid the risk of shell injection vulnerabilities.
It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.
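The difference both comments turn on, as an added example that is not part of the thread: the same command run through `shell=True`, as an argument list built with `shlex.split`, and through a shell with `shlex.quote`. The function names and the sample input are constructed for illustration, and a POSIX system with `echo` is assumed.

```python
import shlex
import subprocess

# Constructed untrusted input; the "payload" is just a second, harmless echo.
UNTRUSTED = "report.txt; echo INJECTED"


def run_shell_string(name):
    """Risky: untrusted text is pasted into a string that /bin/sh parses."""
    proc = subprocess.run(f"echo {name}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def argv_from_split(name):
    """shlex.split over the whole string: no shell, but the input can still
    add extra arguments because it is tokenised together with the command."""
    return shlex.split(f"echo {name}")


def argv_fixed_plus_data(name):
    """Split only the fixed command; append untrusted data as one argument."""
    return shlex.split("echo") + [name]


def run_argv(argv):
    """Execute an argument list directly, with no shell in between."""
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def run_shell_quoted(name):
    """If a shell is unavoidable, quote the untrusted part with shlex.quote."""
    proc = subprocess.run(f"echo {shlex.quote(name)}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


if __name__ == "__main__":
    print(run_shell_string(UNTRUSTED))                # two commands ran
    print(argv_from_split(UNTRUSTED))                 # four argv items
    print(run_argv(argv_fixed_plus_data(UNTRUSTED)))  # one literal argument
    print(run_shell_quoted(UNTRUSTED))                # one literal argument
```

With a string composed entirely by the program, all four calls behave the same; they diverge only when part of the string comes from outside.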