this post was submitted on 07 Jun 2023
8 points (100.0% liked)

CosmicGiraffe 4 points 1 year ago (1 children)

e.g. shell=True allows you to pass the command as a single string

Don't do this. As the article says, it's much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

[email protected] 2 points 1 year ago

It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.
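
The difference the two comments are discussing, as an added example that is not part of the thread or the linked article: the same value is passed through a `shell=True` string, through an argument list built with `shlex.split`, and through a shell string with `shlex.quote`. The `BASE` command, the `UNTRUSTED` sample value and the function names are constructed for illustration, and a POSIX system with `/bin/sh` and `echo` is assumed.

```python
import shlex
import subprocess

# Fixed part of the command, written by the developer (hypothetical).
BASE = "echo name:"

# Constructed sample standing in for a value the program did not write itself
# (a filename, a form field, a line read from a file).
UNTRUSTED = "report.txt; echo INJECTED"


def run_shell_string(value: str) -> str:
    """Weak form: the value is spliced into text that /bin/sh parses,
    so ';' ends the first command and starts a second one."""
    proc = subprocess.run(f"{BASE} {value}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout


def run_argv(value: str) -> str:
    """Hardened form: split only the fixed part with shlex, then append the
    value as a single argv element. No shell runs, so ';' is plain data."""
    argv = shlex.split(BASE) + [value]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout


def run_shell_quoted(value: str) -> str:
    """If a shell is really needed (pipes, globbing in the fixed part),
    shlex.quote makes the value one literal word for a POSIX shell."""
    proc = subprocess.run(f"{BASE} {shlex.quote(value)}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    for fn in (run_shell_string, run_argv, run_shell_quoted):
        print(f"{fn.__name__}: {fn(UNTRUSTED)!r}")
```

Only the first function lets the value change which commands run; the other two print it back unchanged as a single argument.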