STINNER Victor <[email protected]> added the comment:
About shell injection, subprocess.getstatusoutput() uses subprocess.Popen(shell=True). https://docs.python.org/dev/library/subprocess.html#subprocess.getstatusoutput It's done on purpose: "Execute the string cmd in a shell with Popen.check_output()". ---------- _______________________________________ Python tracker <[email protected]> <https://bugs.python.org/issue42641> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
