
Author aldwinaldwin
Recipients Dominik Czarnota, aldwinaldwin
Date 2019-07-04.04:30:23
Message-id <1562214623.91.0.265161776913.issue37495@roundup.psfhosted.org>
In-reply-to
Content
From: https://docs.python.org/3.9/library/subprocess.html#security-considerations

Security Considerations

Unlike some other popen functions, this implementation will never implicitly call a system shell. This means that all characters, including shell metacharacters, can safely be passed to child processes. If the shell is invoked explicitly, via shell=True, it is the application’s responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities.

When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands.
History
Date                 User          Action  Args
2019-07-04 04:30:24  aldwinaldwin  set     recipients: + aldwinaldwin, Dominik Czarnota
2019-07-04 04:30:23  aldwinaldwin  set     messageid: <1562214623.91.0.265161776913.issue37495@roundup.psfhosted.org>
2019-07-04 04:30:23  aldwinaldwin  link    issue37495 messages
2019-07-04 04:30:23  aldwinaldwin  create
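
The behaviour the quoted documentation describes, as an added example that is not part of the original message or of CPython's own code: the same constructed string is passed without a shell, through shell=True unquoted, and through shell=True with shlex.quote(). It assumes a POSIX system with /bin/sh and a printf binary; the function names and the sample value are made up for illustration.

```python
import shlex
import subprocess

# Constructed sample input: a "filename" that carries shell metacharacters.
UNTRUSTED = "report.txt; echo INJECTED"


def _lines(*args, **kwargs):
    """Run a command and return its stdout split into lines."""
    done = subprocess.run(*args, capture_output=True, text=True, check=True, **kwargs)
    return done.stdout.splitlines()


def run_without_shell(value):
    # Default shell=False: the list is handed to exec as argv, so no shell
    # ever parses `value` and the ';' is just another character.
    return _lines(["printf", "%s\n", value])


def run_shell_unquoted(value):
    # shell=True with plain concatenation: /bin/sh parses the string, treats
    # ';' as a command separator and runs the attacker-chosen second command.
    return _lines("printf '%s\\n' " + value, shell=True)


def run_shell_quoted(value):
    # shell=True with shlex.quote(): the value is wrapped in single quotes and
    # reaches printf as one argument. shlex.quote() targets POSIX shells only.
    return _lines("printf '%s\\n' " + shlex.quote(value), shell=True)


if __name__ == "__main__":
    for fn in (run_without_shell, run_shell_unquoted, run_shell_quoted):
        print(f"{fn.__name__}: {fn(UNTRUSTED)}")
```

Only the unquoted shell=True call produces a second output line, which is the extra command the shell executed.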