[issue34489] subprocess: execution of batch-files (.cmd/.bat) is vulnerable in python for windows / insufficient escape
Sergey G. Brester
report at bugs.python.org
Wed Aug 29 09:23:42 EDT 2018
Sergey G. Brester <serg.brester at sebres.de> added the comment:
> Would you consider adding your test suite into the regression tests as well?
Sure. Done.
> Right now, this is a well known issue on all platforms
Really? I can't imagine this for something else as windows (and it is currently fixed also for windows only).
Anyway if you want the same test-cases for other platforms also, the windows skip-constraint of new test-class "CommandTryInject" should be removed (and the set-up as well as "_do_execwithargs" should get additional processing for *nix-shell-script instead of the .bat-file).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34489>
_______________________________________
More information about the Python-bugs-list
mailing list