Author vstinner
Recipients vstinner
Date 2020-12-14.23:29:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1607988569.42.0.994371709457.issue42641@roundup.psfhosted.org>
In-reply-to
Content
About shell injection, subprocess.getstatusoutput() uses subprocess.Popen(shell=True).
https://docs.python.org/dev/library/subprocess.html#subprocess.getstatusoutput

It's done on purpose: "Execute the string cmd in a shell with Popen.check_output()".
History
Date User Action Args
2020-12-14 23:29:29vstinnersetrecipients: + vstinner
2020-12-14 23:29:29vstinnersetmessageid: <1607988569.42.0.994371709457.issue42641@roundup.psfhosted.org>
2020-12-14 23:29:29vstinnerlinkissue42641 messages
2020-12-14 23:29:29vstinnercreate