| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <chris@rebertia.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.043 |
| MIME-Version | 1.0 |
| Sender | chris@rebertia.com |
| In-Reply-To | <j1dk6h$qe1$1@r03.glglgl.eu> |
| References | <51b2d157-3fea-4f8e-80b4-e7142629eca8@s21g2000pre.googlegroups.com> <mailman.1856.1312392464.1164.python-list@python.org> <j1dk6h$qe1$1@r03.glglgl.eu> |
| Date | Thu, 4 Aug 2011 01:42:34 -0700 |
| X-Google-Sender-Auth | 8i1JMtBqmtcUb6Qsd8ROgoBRXaM |
| Subject | Re: Snippet: The leanest Popen wrapper |
| From | Chris Rebert <clp2@rebertia.com> |
| Cc | python-list@python.org |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1883.1312447357.1164.python-list@python.org> (permalink) |
| Lines | 42 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1312447357 news.xs4all.nl 23933 [2001:888:2000:d::a6]:48852 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:10850 |
On Thu, Aug 4, 2011 at 1:10 AM, Thomas Rachel
<nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de>
wrote:
> Am 03.08.2011 19:27 schrieb Chris Rebert:
>
>>> shell= True,
>>
>> I would strongly encourage you to avoid shell=True.
>
> ACK, but not because it is hard, but because it is unnecessary and inelegant
> at this point.
>
>> You really don't want to have to worry about doing proper shell escaping
>> yourself.
>
> That's nothing to really worry about - just doing
>
> def shellquote(*strs):
>     return " ".join([
>         "'"+st.replace("'","'\\''")+"'"
>         for st in strs
>     ])
>
> would do perfectly: shellquote('echo', "'", '"', " ", "\n")

I was considering the more general case where one of the strings may
have come from user input. You then need to also escape
$looks_like_a_var, `some_command`, and way more other such stuff that
your simple function doesn't cover. Even if the user is trusted, not
escaping such things can still lead to bizarre unintended
output/results.

If the commands are completely static, then yes, I agree that lack of
necessity then becomes the main argument against shell=True.

Cheers,
Chris
--
http://rebertia.com
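
The user-input case discussed in this message, as an added example that is not part of the original post: the same string is handed to `echo` through `shell=True` unquoted, through `shell=True` with the standard library's `shlex.quote`, and as an argument list with no shell. The sample string, `DEMO_VAR` and the helper names are constructed for illustration; a POSIX `/bin/sh` and an `echo` binary on `PATH` are assumed.

```python
import shlex
import subprocess

# Constructed sample standing in for untrusted user input (not from the thread).
USER_INPUT = "report $DEMO_VAR `echo injected`.txt"

# Fixed, minimal environment so the result does not depend on the caller's shell.
ENV = {"PATH": "/usr/bin:/bin", "DEMO_VAR": "EXPANDED"}


def _run(cmd, shell):
    """Run cmd and return its stdout without the trailing newline."""
    done = subprocess.run(cmd, shell=shell, env=ENV, capture_output=True,
                          text=True, check=True)
    return done.stdout.rstrip("\n")


def run_shell_unquoted(arg):
    """shell=True with the text pasted in: /bin/sh expands $VAR and backticks."""
    return _run("echo " + arg, shell=True)


def run_shell_quoted(arg):
    """shell=True, but the text is quoted first with shlex.quote."""
    return _run("echo " + shlex.quote(arg), shell=True)


def run_argv(arg):
    """No shell at all: the text reaches the program as exactly one argument."""
    return _run(["echo", arg], shell=False)


if __name__ == "__main__":
    for fn in (run_shell_unquoted, run_shell_quoted, run_argv):
        print(f"{fn.__name__:20} -> {fn(USER_INPUT)!r}")
```

Only the unquoted `shell=True` call lets the shell rewrite the text; the argument-list form needs no quoting step because no shell ever parses the string.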
Snippet: The leanest Popen wrapper Phlip <phlip2005@gmail.com> - 2011-08-03 08:29 -0700
Re: Snippet: The leanest Popen wrapper Peter Otten <__peter__@web.de> - 2011-08-03 18:21 +0200
Re: Snippet: The leanest Popen wrapper Thomas Jollans <t@jollybox.de> - 2011-08-03 18:39 +0200
Re: Snippet: The leanest Popen wrapper Chris Rebert <clp2@rebertia.com> - 2011-08-03 10:27 -0700
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 10:10 +0200
Re: Snippet: The leanest Popen wrapper Chris Rebert <clp2@rebertia.com> - 2011-08-04 01:42 -0700
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 11:25 +0200
Re: Snippet: The leanest Popen wrapper Phlip <phlip2005@gmail.com> - 2011-08-03 11:04 -0700
Re: Snippet: The leanest Popen wrapper Terry Reedy <tjreedy@udel.edu> - 2011-08-03 16:20 -0400
Re: Snippet: The leanest Popen wrapper Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-08-04 10:24 +0200
Re: Snippet: The leanest Popen wrapper Yves-Gwenael Bourhis <ybourhis@distroiwork4.com> - 2011-08-04 15:19 +0200