Can the user or third party ever control the file name argument? Things
like
+ status, output = commands.getstatusoutput("gunzip %s" %
localPath)
are never robust, since localPath could contain spaces, or worse,
semicolons and other shell commands. That's why Python has an excellent
subprocess module, which avoids intermediate shells, and still makes it
comfortable to capture status and stdout/err.
--
[FFE] Image Store Proxy must handle compressed images
https://bugs.launchpad.net/bugs/445714
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
