We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
shell=True
subprocess.check_output
Apparently there are some security issues by using shell=True. But without having it, we also lose a lot of features, like piping, wildcards (*), etc.
Example:
> !echo 'It Works' > tmp > !cat tmp | xargs echo It Works > subprocess.check_output(['cat', 'tmp', '|', 'xargs', 'echo']) CalledProcessError: Command '['cat', 'tmp', '|', 'xargs', 'echo']' returned non-zero exit status 1. > subprocess.check_output('cat tmp | xargs echo', shell = True) b'It Works\n'
A workaround can be done by using bash to run a script or command
bash
> subprocess.check_output(['bash', '-c', 'cat tmp | xargs echo']) b'It Works\n'
The question is if using bash -c <command> or bash <script> it's the same as shell=True. If it is, if we should add support as a param option.
bash -c <command>
bash <script>
Some good resource for this: https://stackoverflow.com/a/51950538/3949081
cc: @mflevine
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Apparently there are some security issues by using
shell=True
. But without having it, we also lose a lot of features, like piping, wildcards (*), etc.Example:
A workaround can be done by using
bash
to run a script or commandThe question is if using
bash -c <command>
orbash <script>
it's the same asshell=True
. If it is, if we should add support as a param option.Some good resource for this: https://stackoverflow.com/a/51950538/3949081
cc: @mflevine
The text was updated successfully, but these errors were encountered: