python - Advantage of list over string in subprocess methods -

-

what advantages of using list on string in subprocess methods? ones understand far:

  • security if input comes external sources
  • portability on different operating systems

are there others?

in particular case, i'm using subprocess library run tests on software. input not come external source. tests run on linux. therefore, see no benefit of lists on strings.

on posix, list , string arguments have different meaning , used in different contexts.

you use string argument , shell=true run shell command e.g.:

from subprocess import check_output  output = check_output("dmesg | grep hda", shell=true)

a list argument used run command without shell e.g.:

from subprocess import check_call  check_call(["ls", "-l"])

one exception call("ls") equivalent call(["ls"]) (a command no arguments).

you should use list argument shell=false (default) except in cases when need shell string argument used.

it error use list argument , shell=true (the arguments interpreted arguments shell instead of command in case). don't use it.

if question: advantages of shell=false , hence list argument on string argument:

  • you don't need escape arguments, no shell interpolation such word splitting, parameter expansion, command substitution occurs: see
    • support arguments spaces
    • support arguments special characters such quotes, dollar sign, etc
  • it clear arguments boundaries are. explicitely separated.
  • it clear program executed: first item in list
  • an argument populated untrusted source won't able execute arbitrary commands
  • why run superfluous shell process unless need

sometimes, might more convenient/readable specify argument string in source code; shlex.split() used convert list:

import shlex subprocess import check_call  cmd = shlex.split('/bin/vikings -input eggs.txt -output "spam spam.txt" '                   '''-cmd "echo '$money'"''') check_call(cmd)

see the docs.

on windows, arguments interpreted differently. native format string , passed list converted string using subprocess.list2cmdline() function may not work windows programs. shell=true necessary run builtin shell commands.

if list2cmdline() creates correct command line executable (different programs may use different rules interpreting command line) list argument used portability , avoid escaping separate arguments manually.


Comments

Post a Comment

Popular posts from this blog

java - WrongTypeOfReturnValue exception thrown when unit testing using mockito -

-
my test list<person> mylist; @test public void testisvalidperson() { mylist = new arraylist<person>(); mylist.add(new person("tom")); when(persondao.get(person)).thenreturn(mylist); when((persondao.get(person)).isempty()).thenreturn(false);//------exception thrown boolean result = service.isvalid("tom"); assertfalse(result); } method tested: public boolean isvalid(string person){ persondao = new persondao(); person personobj = new person(person); return (persondao.get(person).isempty())?false : true; } exception thrown: org.mockito.exceptions.misusing.wrongtypeofreturnvalue: boolean cannot returned get() get() should return list *** if you're unsure why you're getting above error read on. due nature of syntax above problem might occur because: 1. exception *might* occur in wrongly written multi-threaded tests. please refer mockito faq on limitations of concurrency testing. 2. sp
Read more

php - Magento - Deleted Base url key -

-
i working on cleaning url: http://mydomain.com/shop/shop/deals i going through settings in configuration tab in admin panel on magento , change secure , unsecure base urls remove first base url "shop" web page read: http://mydomain.com/shop/deals so changed unsecure base urls mydomain.com/shop mydomain.com , secure 12.345.67.89/shop 12.345.67.89. wrong thing do. i cannot reload page or admin console. how access these files through ftp , change correctly there?? when make changes in admin panel changes made in database not in file. have make changes in database. 1.go database , select core_config_data table under table find web/unsecure/base_url , web/secure/base_url . make changes here. don't forget clear cache in var/cache folder
Read more

android - How to disable Button if EditText is empty ? -

-
i have edittext , button in application. when button clicked,the text entered in edittext added listview. i want disable button if edittext empty.how ? this code button click imagebutton imb=(imagebutton)findviewbyid(r.id.btn_send); imb.setonclicklistener(new onclicklistener() { @override public void onclick(view arg0) { edittext et = (edittext)findviewbyid(r.id.edittext1); string str = et.gettext().tostring(); web1.add(str); toast.maketext(shoutsingleprogram.this, "you entered...."+str, toast.length_short).show(); adapter1.notifydatasetchanged(); et.settext(""); } }); } how can ? edittext1.addtextchangedlistener(new textwatcher() { @override public void ontextchanged(charsequence s, int start, int before, in
Read more