Message347255
From : https://docs.python.org/3.9/library/subprocess.html#security-considerations
Security Considerations
Unlike some other popen functions, this implementation will never implicitly call a system shell. This means that all characters, including shell metacharacters, can safely be passed to child processes. If the shell is invoked explicitly, via shell=True, it is the application’s responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities.
When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands. |
|
Date |
User |
Action |
Args |
2019-07-04 04:30:24 | aldwinaldwin | set | recipients:
+ aldwinaldwin, Dominik Czarnota |
2019-07-04 04:30:23 | aldwinaldwin | set | messageid: <1562214623.91.0.265161776913.issue37495@roundup.psfhosted.org> |
2019-07-04 04:30:23 | aldwinaldwin | link | issue37495 messages |
2019-07-04 04:30:23 | aldwinaldwin | create | |
|