使用subprocess.Popen在Windows中运行批处理文件
[英]Using subprocess.Popen to run a batch file in Windows
问题描述
Why can we not use Popen to run a batch file? 
为什么我们不能使用Popen运行批处理文件?
>>> p = Popen(["filename"], shell=True, stdout = PIPE)
This is working well, but according to the documentation we should not use shell = True for "running a batch file or console-based executable". 这运行良好,但是根据文档,我们不应将shell = True用于“运行批处理文件或基于控制台的可执行文件”。
Why can't we use shell = True when it runs a batch file? 为什么在运行批处理文件时不能使用shell = True ? Why should it only be used for building in cmd? 为什么只在cmd中使用它?
1 个解决方案
解决方案1
2 已采纳 2018-07-02 07:49:48
Calling subprocess.Popen() with the shell parameter set to True in production is a generally bad idea. 在生产环境中将shell参数设置为True来调用subprocess.Popen()是一个糟糕的主意。 One of the dangers include shell injection vulnerabilities, as quoted by the Python 3 docs: 危险之一包括shell注入漏洞,如Python 3文档所述:
17.5.2.
Unlike some other popen functions, this implementation will never implicitly call a system shell.
shell=True, it is the application's responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities.shell=True显式调用了shell,则应用程序有责任确保所有空白和元字符都被正确引用,以避免shell注入漏洞。
Source: https://docs.python.org/3.6/library/subprocess.html 资料来源: https : //docs.python.org/3.6/library/subprocess.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.