subprocess module usage
Earl Lapus
earl.lapus at gmail.com
Mon Sep 1 02:33:15 EDT 2014
On Mon, Sep 1, 2014 at 1:39 PM, Chris Angelico <rosuav at gmail.com> wrote:
>
> Glad it's working! But please, don't just take my word for it and make
> a black-box change to your code. When you invoke subprocesses, be sure
> you understand what's going on, and when shell=True is appropriate and
> when shell=False is appropriate. The docs should be fairly clear on
> this. If you get this sort of thing wrong, you'll get weird errors
> like this (if you're lucky), or open yourself up to shell injection
> vulnerabilities (if you're not).
>
The command and arguments that will be passed to check_output will not
depend on user input. So, the chances of malicious commands from being
executed would be low (right?).
What I'm really after is just to execute a specific command and 1)
retrieve it's output (if any) 2) detect any error returned while
executing the command. Anyway, I'll take your advise and review the
documentation again.
Cheers,
Earl
--
There are seven words in this sentence.
More information about the Python-list
mailing list