Skip to main content

Strings or Argument Lists


While it is handy to be able to execute commands pretty much as you would on the command line, you often need to pass variables from Python to the commands you are using. Let's say we wanted to re-write this function to use echo:

def print_string(string):
    print string

You might do this:

def print_string(string):
    subprocess.Popen('echo "%s"'%string, shell=True)

This will work fine for the string Hello World!:

>>> print_string('Hello world!')
Hello world!

But not for this:

>>> print_string('nasty " example')
/bin/sh: Syntax error: Unterminated quoted string

The command being executed is echo "nasty " example" and as you can see, there is a problem with the escaping.

One approach is to deal with the escaping in your code but this can be cumbersome because you have to deal with all the possible escape characters, spaces etc.

Python can handle it for you but you have to avoid using the shell. Let's look at this next.

Without the Shell

Now let's try the same thing without the shell:

def print_string(string):
    subprocess.Popen(['echo', string], shell=False)

>>> print_string('Hello world!')
Hello world!
>>> print_string('nasty " example')
nasty " example

As you can see it works correctly with the correct escaping.

Note

You can actually specify a single string as the argument when shell=False but it must be the program itself and is no different from just specifying a list with one element for args. If you try to execute the same sort of command you would when shell=False you get an error:

>>> subprocess.Popen('echo "Hello world!"', shell=False)
Traceback (most recent call last):
  File "", line 1, in
  File "/usr/lib/python2.5/subprocess.py", line 594, in __init__
    errread, errwrite)
  File "/usr/lib/python2.5/subprocess.py", line 1147, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

Since we are still passing it as a string, Python assumes the entire string is the name of the program to execute and there isn't a program called echo "Hello world!" so it fails. Instead you have to pass each argument separately.
Labels:

Comments

Post a Comment

https://gengwg.blogspot.com/

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...
Post a Comment
Read more

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...
2 comments
Read more