This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: run_proces logs the command without escaping parmaeters such that the coammns logged are not valid
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.7
process
Status: closed Resolution: third party
Dependencies: Superseder:
Assigned To: Nosy List: r.david.murray, wgianopoulos
Priority: normal Keywords:

Created on 2017-01-02 20:37 by wgianopoulos, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (6)
msg284498 - (view) Author: William Gianopoulos (wgianopoulos) Date: 2017-01-02 20:37
So, the arguments to run_process are not escaped when logged such that the logged command is un-parsable.
The following call:

self.run_process(['notify-send', '--app-name', 'Mozilla Build System', 'Mozilla Build System', msg])  where msg='Build complete'

ends up logging the following:

/usr/bin/notify-send --app-name Mozilla Build System Mozilla Build System Build complete

Where to be a valid command it needs to be:

/usr/bin/notify-send --app-name 'Mozilla Build System' 'Mozilla Build System' 'Build complete'


So, I think this needs to either not log the command at all or for each parameter replace any occurrence of the character "'" with "\'" and then enclose the entire parameter with "'" to make sure the logged command can actually be properly parsed.
msg284503 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2017-01-02 21:02
What is run_process?  I'm not getting any hits from grep on the standard library.
msg284505 - (view) Author: William Gianopoulos (wgianopoulos) Date: 2017-01-02 21:07
well i could be screwed up perhaps it is something provided in the mozilla
python environment i was going by the fact that google searches on python
run-process returned things, including other reported issues, that made me
think it was not.

On Mon, Jan 2, 2017 at 4:02 PM, R. David Murray <report@bugs.python.org>
wrote:

>
> R. David Murray added the comment:
>
> What is run_process?  I'm not getting any hits from grep on the standard
> library.
>
> ----------
> nosy: +r.david.murray
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue29135>
> _______________________________________
>
msg284506 - (view) Author: William Gianopoulos (wgianopoulos) Date: 2017-01-02 21:11
OK i t appears it might be a third party python utility library.  I will
try to trak this down and report it there and close this issue once i sort
it out.

On Mon, Jan 2, 2017 at 4:07 PM, William Gianopoulos <report@bugs.python.org>
wrote:

>
> William Gianopoulos added the comment:
>
> well i could be screwed up perhaps it is something provided in the mozilla
> python environment i was going by the fact that google searches on python
> run-process returned things, including other reported issues, that made me
> think it was not.
>
> On Mon, Jan 2, 2017 at 4:02 PM, R. David Murray <report@bugs.python.org>
> wrote:
>
> >
> > R. David Murray added the comment:
> >
> > What is run_process?  I'm not getting any hits from grep on the standard
> > library.
> >
> > ----------
> > nosy: +r.david.murray
> >
> > _______________________________________
> > Python tracker <report@bugs.python.org>
> > <http://bugs.python.org/issue29135>
> > _______________________________________
> >
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue29135>
> _______________________________________
>
msg284507 - (view) Author: William Gianopoulos (wgianopoulos) Date: 2017-01-02 21:16
I would like to keep this open until I figure this out so I can provide a pointer to where the real issue is being tracked. I should have time to do that tomorrow. SOunds like this is part of some third-party add-on python library that is normally provided with  linux builds.
msg284508 - (view) Author: William Gianopoulos (wgianopoulos) Date: 2017-01-02 21:38
It seems it is part of the Mozilla build system.  I closed this issue.
History
Date User Action Args
2022-04-11 14:58:41adminsetgithub: 73321
2017-01-03 01:00:12r.david.murraysetresolution: not a bug -> third party
stage: resolved
2017-01-02 21:38:42wgianopoulossetstatus: open -> closed
resolution: not a bug
messages: + msg284508
2017-01-02 21:16:20wgianopoulossetmessages: + msg284507
2017-01-02 21:11:29wgianopoulossetmessages: + msg284506
2017-01-02 21:07:58wgianopoulossetmessages: + msg284505
2017-01-02 21:02:29r.david.murraysetnosy: + r.david.murray
messages: + msg284503
2017-01-02 20:37:59wgianopouloscreate