this post was submitted on 07 Jun 2023
8 points (100.0% liked)

Python

76 readers
1 users here now

News and discussions about the programming language Python


founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] CosmicGiraffe@lemmy.world 4 points 1 year ago (1 children)

e.g. shell=True allows you to pass the command as a single string

Don't do this. As the article says its much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

[โ€“] perpetualmaniac@lemmy.ml 2 points 1 year ago

It's fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it's a personal project or you are composing the string to pass to the shell without user input then it's perfectly fine.