STINNER Victor <vstin...@python.org> added the comment:
About shell injection, subprocess.getstatusoutput() uses subprocess.Popen(shell=True). https://docs.python.org/dev/library/subprocess.html#subprocess.getstatusoutput It's done on purpose: "Execute the string cmd in a shell with Popen.check_output()". ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue42641> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com