- cross-posted to:
- python@programming.dev
- cross-posted to:
- python@programming.dev
You must log in or register to comment.
e.g. shell=True allows you to pass the command as a single string
Don’t do this. As the article says its much better to split the string using
shlex
and avoid the risk of shell injection vulnerabilities.It’s fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it’s a personal project or you are composing the string to pass to the shell without user input then it’s perfectly fine.