Message 362333 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	nik-sm
Recipients	jweese, nik-sm
Date	2020-02-20.17:09:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1582218557.12.0.939078411221.issue39692@roundup.psfhosted.org>
In-reply-to

Content
Thanks very much for getting back to me so quickly, and for identifying the reason for the difference in behavior. Sorry to harp on a relatively small behavior, but it cost me a few hours and it might cause confusion for others as well. It still seems like an oversight that the body of a program invoked by `bash -c` would not be quoted. Consider the following two examples: $ bash -c echo my critical data > file.txt $ cat file.txt $ # My data was lost! Or again in Python: >>> import subprocess >>> res1 = subprocess.run(['echo', 'my', 'critical', 'data', '>', 'file.txt'], shell=True, capture_output=True) >>> res1.returncode 0 >>> exit() $ cat file.txt cat: file.txt: No such file or directory $ # The file is not even created! I know that the subsequent args are stored as bash arguments to the first executable/quoted program, for example: $ bash -c 'echo $0' foo foo or >>> res1 = subprocess.run(['echo $0', 'foo'], shell=True, capture_output=True) >>> res1.stdout b'foo\n' However, it seems strange/wrong to invoke an executable via "bash -c executable arg1 arg2", rather than just "executable arg1 arg2"! In other words, the combination of `shell=True` with a sequence of args appears to behave surprisingly/wrong. --- Here's the only part of the docs I could find that discuss the interaction between `shell=True` and args.: """ The shell argument (which defaults to False) specifies whether to use the shell as the program to execute. If shell is True, it is recommended to pass args as a string rather than as a sequence. """ I think there are ~2 cases here: 1) If there exist use cases for setting `shell=True` and doing "bash -c my_executable arg2 arg3", then the documentation should say something like the following: """ Using `shell=True` invokes the sequence of args via `bash -c`. In this case, the first argument MUST be an executable, and the subsequent arguments will be stored as bash parameters for that executable (`$0`, `$1`, etc). """ 2) The body of the program invoked with `bash -c` should always be quoted. In this case, there should either be a code fix to quote the body, or a `ValueError` when `shell=True` and args is a sequence. How does this sound from your perspective?

Thanks very much for getting back to me so quickly, and for identifying the reason for the difference in behavior.

Sorry to harp on a relatively small behavior, but it cost me a few hours and it might cause confusion for others as well.

It still seems like an oversight that the body of a program invoked by `bash -c` would not be quoted. Consider the following two examples:

$ bash -c echo my critical data > file.txt
$ cat file.txt 

$ # My data was lost!

Or again in Python:

>>> import subprocess
>>> res1 = subprocess.run(['echo', 'my', 'critical', 'data', '>', 'file.txt'], shell=True, capture_output=True)
>>> res1.returncode
0
>>> exit()
$ cat file.txt
cat: file.txt: No such file or directory
$ # The file is not even created!



I know that the subsequent args are stored as bash arguments to the first executable/quoted program, for example:

$ bash -c 'echo $0' foo
foo

or

>>> res1 = subprocess.run(['echo $0', 'foo'], shell=True, capture_output=True)
>>> res1.stdout
b'foo\n'


However, it seems strange/wrong to invoke an executable via "bash -c executable arg1 arg2", rather than just "executable arg1 arg2"! In other words, the combination of `shell=True` with a sequence of args appears to behave surprisingly/wrong.


---


Here's the only part of the docs I could find that discuss the interaction between `shell=True` and args.:
"""
The shell argument (which defaults to False) specifies whether to use the shell as the program to execute. If shell is True, it is recommended to pass args as a string rather than as a sequence.
"""



I think there are ~2 cases here:

1) If there exist use cases for setting `shell=True` and doing "bash -c my_executable arg2 arg3", then the documentation should say something like the following:
"""
Using `shell=True` invokes the sequence of args via `bash -c`. In this case, the first argument MUST be an executable, and the subsequent arguments will be stored as bash parameters for that executable (`$0`, `$1`, etc).
"""

2) The body of the program invoked with `bash -c` should always be quoted. In this case, there should either be a code fix to quote the body, or a `ValueError` when `shell=True` and args is a sequence.


How does this sound from your perspective?

History
Date	User	Action	Args
2020-02-20 17:09:17	nik-sm	set	recipients: + nik-sm, jweese
2020-02-20 17:09:17	nik-sm	set	messageid: <1582218557.12.0.939078411221.issue39692@roundup.psfhosted.org>
2020-02-20 17:09:17	nik-sm	link	issue39692 messages
2020-02-20 17:09:16	nik-sm	create