Aldwin Pollefeyt <aldwinald...@gmail.com> added the comment: >From : >https://docs.python.org/3.9/library/subprocess.html#security-considerations
Security Considerations Unlike some other popen functions, this implementation will never implicitly call a system shell. This means that all characters, including shell metacharacters, can safely be passed to child processes. If the shell is invoked explicitly, via shell=True, it is the application’s responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities. When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands. ---------- nosy: +aldwinaldwin _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37495> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com