[issue34489] subprocess: execution of batch-files (.cmd/.bat) is vulnerable in python for windows / insufficient escape

Sergey G. Brester added the comment: I have extended the PR a bit (more tests and corresponding documentation part). -- ___ Python tracker ___

[issue34489] subprocess: execution of batch-files (.cmd/.bat) is vulnerable in python for windows / insufficient escape

Sergey G. Brester added the comment: > Would you consider adding your test suite into the regression tests as well? Sure. Done. > Right now, this is a well known issue on all platforms Really? I can't imagine this for something else as windows (and it is currently fixed also for windows

[issue34489] subprocess: execution of batch-files (.cmd/.bat) is vulnerable in python for windows / insufficient escape

Steve Dower added the comment: Would you consider adding your test suite into the regression tests as well? Right now, this is a well known issue on all platforms, but there is no clear universal solution. If your approach works well for all platforms and does not adversely impact any of

[issue34489] subprocess: execution of batch-files (.cmd/.bat) is vulnerable in python for windows / insufficient escape

New submission from Sergey G. Brester : There is a vulnerability "insufficient escape of special chars for quoting of arguments by exec process" for python-language, if executing windows batch-files (bat/cmd). ### What version of python is affected? All ### Does this issue reproduce with the