Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Get rid of as much `subprocess` as possible, and get rid of passing args via CLI where possible

See original GitHub issue

subprocess is a potential security issue and usage of it should be minimized.

Describe the solution you’d like 0. bash install.sh is forbidden: it is directly code execution!

  1. git is used through API provided by numerous python packages for working with git
  2. wget is replaced with aria2c getting their args via a named pipe.
  3. calling tar through CLI is prohibited, use packages to access tar archives instead

Describe alternatives you’ve considered No such.

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:7 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
julien-ccommented, Sep 20, 2022

GitPython is using subprocess calls to call git command line too, no?

0reactions
KOLANICHcommented, Sep 21, 2022

And in the end I am still not sure to understand the benefit of not using subprocess for our use case.

It’s OK not to use it where it has significant enough drawbacks.

Read more comments on GitHub >

github_iconTop Results From Across the Web

python - What is the subprocess.Popen max length of the args ...
I don't mind breaking up the command into multiple calls to process_file.exe . I am looking for a general way to get the...
Read more >
Python Tutorial: subprocesses module - 2020 - BogoToBogo
The command line arguments are passed as a list of strings, which avoids the need for escaping quotes or other special characters that...
Read more >
An Introduction to Subprocess in Python With Examples
The call() method from the subprocess in Python accepts the following parameters: args: It is the command that you want to execute. You...
Read more >
The subprocess Module: Wrapping Programs With Python
In this tutorial, you'll learn how to leverage other apps and programs that aren't Python, wrapping them or launching them from your Python ......
Read more >
subprocess — Subprocess management — Python 3.11.1 ...
If shell is True , it is recommended to pass args as a string rather than as a sequence. On POSIX with shell=True...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Developer mode requirement on Windows

Next page

Git: find a "better" way to handle tokens than git credential store