Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin1!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'subject:: [': 0.03; 'argument': 0.04; 'skip:/ 10': 0.07; 'subject:How': 0.09; 'python': 0.09; 'grep': 0.09; 'subject:command': 0.09; 'cc:addr :python-list': 0.10; 'subject:python': 0.11; '0.6': 0.16; 'aux': 0.16; 'echo': 0.16; 'shell:': 0.16; 'subject:Tutor': 0.16; 'subject:run': 0.16; 'wrote:': 0.17; 'specify': 0.17; 'thu,': 0.17; 'accepting': 0.18; 'jan': 0.18; 'shell': 0.18; '>>>': 0.18; 'input': 0.18; 'subject:] ': 0.19; 'variable': 0.20; 'email addr:gmail.com>': 0.20; 'all,': 0.21; '>>>': 0.22; 'class.': 0.23; 'cc:no real name:2**0': 0.24; 'cc:2**1': 0.24; 'command': 0.24; 'cc:addr:python.org': 0.25; 'header:In-Reply- To:1': 0.25; 'header:User-Agent:1': 0.26; 'am,': 0.27; 'lines': 0.28; 'run': 0.28; 'arts': 0.29; 'multiline': 0.29; 'code': 0.31; 'file': 0.32; 'skip:s 30': 0.33; 'received:google.com': 0.34; 'thanks': 0.34; 'skip:* 20': 0.35; 'received:209.85': 0.35; 'there': 0.35; 'but': 0.36; 'message-id:@gmail.com': 0.36; 'anything': 0.36; 'skip:p 20': 0.36; 'execute': 0.37; 'received:209': 0.37; 'possible.': 0.38; 'several': 0.39; 'received:192': 0.39; 'received:192.168': 0.40; 'within': 0.64; 'making': 0.64; 'dangerous': 0.66; 'directly.': 0.78; 'day!': 0.83; '2013': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type; bh=voTH9ukqe6HCKn7ufGovZG7i03HASd/1gRQfbPJ5eas=; b=vyoZqC/GyWdyoSlV8TvhB2TbZb9XKShMN0CurTGKBCXvqr2/9uwzwSBE4SOjBHNlcb 8yEtSDB4XWSPfVlVYqoRvzJi6HTgilBHYK3vxoIIAr+5ung01PWhwhtJVs5AS8Is+GuE Fw2p9DOuk3GVpEKtMhA7vupxa0uY+meio+pJDS0w3D7f8O0p2k+K8n15TmLjyHpvu11W JkbKLBxTJkF7cUVqODj2I+uw5NVO2VP7UKmIvTRRu7Rgf0zRewCOS/EfJSSCJHFk/ZR2 8bb0J1LuK3GPrBIvNHLey8Da/EyM6t4rlSm/L0ISW99yIOL+mwGPT463sjI/H/8Aj0LZ EUFQ== X-Received: by 10.112.103.202 with SMTP id fy10mr29085923lbb.13.1357828112287; Thu, 10 Jan 2013 06:28:32 -0800 (PST) Date: Thu, 10 Jan 2013 15:25:57 +0100 From: Karim User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: Hugo Arts Subject: Re: [Tutor] How to run multiline shell command within python References: <50EE5934.7090609@gmail.com> In-Reply-To: Content-Type: multipart/alternative; boundary="------------090501040200080208000808" Cc: python-list@python.org, *tutor python X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 138 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1357828114 news.xs4all.nl 6887 [2001:888:2000:d::a6]:42479 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:36570 This is a multi-part message in MIME format. --------------090501040200080208000808 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 10/01/2013 09:31, Hugo Arts wrote: > On Thu, Jan 10, 2013 at 7:01 AM, Karim > wrote: > > > > Hello all, > > I want to run multiline shell command within python without using > a command file but directly execute several lines of shell. > I already use *subprocess.checkoutput("csh -f > my_file.csh".split())* but I want to know if it is posssible to > avoid making file and execute > shell lines of code directly. > > > Yes, this is very possible. Specify shell=True as an argument and you > can do anything you can do in a shell: > > >>> commands = """echo hello > ... echo hello | wc -l > ... ps aux | grep python""" > >>> b = subprocess.check_output(commands, shell=True) > >>> print(b.decode('ascii')) > hello > 1 > hugo 1255 1.0 0.6 777316 49924 ? Sl 09:14 0:08 > /usr/bin/python2 /usr/bi > hugo 6529 0.0 0.0 42408 7196 pts/0 S+ 09:23 0:00 python > hugo 6559 0.0 0.0 10656 1128 pts/0 S+ 09:28 0:00 grep python > > >>> > > watch out though, accepting user input into the commands variable will > lead to shell injection, which can be a dangerous security vulnerability. > > HTH, > Hugo Many thanks Hugo. It makes my day! In my case there are no possibilities for shell injection. It is internal to a class. Regards Karim --------------090501040200080208000808 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
On 10/01/2013 09:31, Hugo Arts wrote:
On Thu, Jan 10, 2013 at 7:01 AM, Karim <kliateni@gmail.com> wrote:


Hello all,

I want to run multiline shell command within python without using a command file but directly execute several lines of shell.
I already use *subprocess.checkoutput("csh -f my_file.csh".split())* but I want to know if it is posssible to avoid making file and execute
shell lines of code directly.


Yes, this is very possible. Specify shell=True as an argument and you can do anything you can do in a shell:

 >>> commands = """echo hello
... echo hello | wc -l
... ps aux | grep python"""
>>> b = subprocess.check_output(commands, shell=True)
>>> print(b.decode('ascii'))
hello
1
hugo      1255  1.0  0.6 777316 49924 ?        Sl   09:14   0:08 /usr/bin/python2 /usr/bi
hugo      6529  0.0  0.0  42408  7196 pts/0    S+   09:23   0:00 python
hugo      6559  0.0  0.0  10656  1128 pts/0    S+   09:28   0:00 grep python

>>> 

watch out though, accepting user input into the commands variable will lead to shell injection, which can be a dangerous security vulnerability.

HTH,
Hugo

Many thanks Hugo. It makes my day!
In my case there are no possibilities for shell injection. It is internal to a class.

Regards
Karim

--------------090501040200080208000808--