• @CosmicGiraffe
    41 year ago

    e.g. shell=True allows you to pass the command as a single string

    Don’t do this. As the article says, it’s much better to split the string using shlex and avoid the risk of shell injection vulnerabilities.

    • @[email protected]
      21 year ago

      It’s fine for the majority of cases. Shell vulnerabilities exist when you take in user input. If it’s a personal project or you are composing the string to pass to the shell without user input then it’s perfectly fine.
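
The difference this thread is discussing, shown as an added example that is not part of either comment: the same value passed through `shell=True`, through an argument list, and through `shlex`. The function names and the sample value are constructed for illustration, and the code assumes a POSIX system with `sh` and `echo`.

```python
import shlex
import subprocess

# Constructed sample value: a "filename" that carries shell metacharacters.
UNTRUSTED = "notes.txt; echo INJECTED"


def _lines(cmd, **kwargs):
    """Run cmd and return its stdout as a list of lines."""
    done = subprocess.run(cmd, capture_output=True, text=True, check=True, **kwargs)
    return done.stdout.splitlines()


def run_shell_string(value):
    """shell=True with concatenation: /bin/sh parses the value, so ';' ends
    the first command and the remainder runs as a second one."""
    return _lines("echo " + value, shell=True)


def run_argv(value):
    """Argument list, no shell: the value reaches echo as one literal argument."""
    return _lines(["echo", value])


def run_split_template(value):
    """shlex.split() applied only to the fixed command text; the variable part
    is appended as its own list element and is never re-parsed."""
    return _lines(shlex.split("echo file:") + [value])


def run_shell_quoted(value):
    """When a shell is required (pipes, globbing), shlex.quote() the value
    so the shell treats it as a single word."""
    return _lines("echo " + shlex.quote(value), shell=True)


if __name__ == "__main__":
    for fn in (run_shell_string, run_argv, run_split_template, run_shell_quoted):
        print(f"{fn.__name__:20} -> {fn(UNTRUSTED)}")
```

Only `run_shell_string` produces a second output line, because that is the only variant in which the shell interprets the value.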