| References | <51b2d157-3fea-4f8e-80b4-e7142629eca8@s21g2000pre.googlegroups.com> <mailman.1856.1312392464.1164.python-list@python.org> <j1dk6h$qe1$1@r03.glglgl.eu> |
|---|---|
| Date | 2011-08-04 01:42 -0700 |
| Subject | Re: Snippet: The leanest Popen wrapper |
| From | Chris Rebert <clp2@rebertia.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1883.1312447357.1164.python-list@python.org> (permalink) |
On Thu, Aug 4, 2011 at 1:10 AM, Thomas Rachel
<nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de>
wrote:
> On 03.08.2011 19:27, Chris Rebert wrote:
>
>>> shell= True,
>>
>> I would strongly encourage you to avoid shell=True.
>
> ACK, but not because it is hard, but because it is unnecessary and inelegant
> at this point.
>
>> You really don't want to have to worry about doing proper shell escaping
>> yourself.
>
> That's nothing to really worry about - just doing
>
>     def shellquote(*strs):
>         return " ".join([
>             "'"+st.replace("'","'\\''")+"'"
>             for st in strs
>         ])
>
> would do perfectly: shellquote('echo', "'", '"', " ", "\n")

I was considering the more general case where one of the strings may
have come from user input. You then need to also escape
$looks_like_a_var, `some_command`, and way more other such stuff that
your simple function doesn't cover. Even if the user is trusted, not
escaping such things can still lead to bizarre unintended
output/results.

If the commands are completely static, then yes, I agree that lack of
necessity then becomes the main argument against shell=True.

Cheers,
Chris
--
http://rebertia.com
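
An added example, not part of the original post or the thread's code: it compares what a child process actually receives when a string with shell-special characters is passed as an argument list (no shell), through `shell=True` with the standard library's `shlex.quote`, and through `shell=True` with no escaping. It assumes a POSIX `/bin/sh`; the sample strings and helper names are constructed for illustration.

```python
import json
import shlex
import subprocess
import sys

# Child that reports the exact argv it received, as JSON (helper for this example).
ECHO_ARGV = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Constructed "user input" containing characters a POSIX shell treats specially.
SAMPLES = ["$HOME", "`echo injected`", "a; echo b", "it's", "two  spaces"]

def received(cmd, **kwargs):
    """Run cmd; return the argv the child saw, or None if the command line broke."""
    try:
        out = subprocess.check_output(cmd, stderr=subprocess.DEVNULL, **kwargs)
        return json.loads(out)
    except (subprocess.CalledProcessError, ValueError):
        # Non-zero exit (e.g. shell syntax error) or extra output from a second command.
        return None

def via_list(arg):
    """No shell involved: the string is handed to the child untouched."""
    return received(ECHO_ARGV + [arg])

def via_shell(arg, quote):
    """shell=True: /bin/sh parses the string, so `quote` decides what survives."""
    prefix = " ".join(shlex.quote(part) for part in ECHO_ARGV)
    return received(prefix + " " + quote(arg), shell=True)

def report():
    """One row per sample: (input, list form, shell + shlex.quote, shell + no escaping)."""
    return [(s, via_list(s), via_shell(s, shlex.quote), via_shell(s, str))
            for s in SAMPLES]

if __name__ == "__main__":
    for sample, as_list, quoted, raw in report():
        print(f"{sample!r:20} list={as_list!r} quoted={quoted!r} raw={raw!r}")
```
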
Snippet: The leanest Popen wrapper Phlip <phlip2005@gmail.com> - 2011-08-03 08:29 -0700
Re: Snippet: The leanest Popen wrapper Peter Otten <__peter__@web.de> - 2011-08-03 18:21 +0200
Re: Snippet: The leanest Popen wrapper Thomas Jollans <t@jollybox.de> - 2011-08-03 18:39 +0200
Re: Snippet: The leanest Popen wrapper Chris Rebert <clp2@rebertia.com> - 2011-08-03 10:27 -0700
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 10:10 +0200
Re: Snippet: The leanest Popen wrapper Chris Rebert <clp2@rebertia.com> - 2011-08-04 01:42 -0700
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 11:25 +0200
Re: Snippet: The leanest Popen wrapper Phlip <phlip2005@gmail.com> - 2011-08-03 11:04 -0700
Re: Snippet: The leanest Popen wrapper Terry Reedy <tjreedy@udel.edu> - 2011-08-03 16:20 -0400
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 10:24 +0200
Re: Snippet: The leanest Popen wrapper Yves-Gwenael Bourhis <ybourhis@distroiwork4.com> - 2011-08-04 15:19 +0200