This is very dangerous, because you feed this string into a shell command later. It could execute any code that is returned.
Best practice when constructing these (quite dangerous) commands to execute is to assume that everything is malicious. Don't trust anything you get from code that you haven't written yourself. In this case, it means make sure that it is a string that only contains numbers, and that it is within some boundary (1024 < x < 64000 or something).
https://github.com/YoungxHelsinki/automated-scripts/blob/3b8fd3813c73b96826b5693343e496797a13f9ee/Aalto_computer_status_checker/paniikki_jupyter_launcher.py#L230
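The validation the review comment asks for, written out as an added example (this is not code from the linked repository). It assumes the untrusted string is a port number that later ends up in a command line: the checker accepts only an all-digit string inside the suggested range, and the command is built as an argv list rather than a shell string so that nothing in the value can be interpreted by a shell. The host name and the constructed sample inputs are placeholders.

```python
import re
import subprocess
from typing import List

# Boundary suggested in the review comment: 1024 < x < 64000 (strict inequalities).
PORT_MIN = 1024
PORT_MAX = 64000

# Digits only, no sign, no whitespace, no leading zero, at most five digits.
_PORT_RE = re.compile(r"[1-9][0-9]{0,4}")


def validate_port(raw: str) -> int:
    """Return the port as an int, or raise ValueError if the input is not a safe port string.

    Everything coming from outside the program is treated as hostile: the value
    must be a str, must match the digits-only pattern exactly, and must lie
    strictly inside (PORT_MIN, PORT_MAX).
    """
    if not isinstance(raw, str):
        raise ValueError("port must be a string")
    if _PORT_RE.fullmatch(raw) is None:
        raise ValueError(f"port is not purely numeric: {raw!r}")
    port = int(raw)
    if not (PORT_MIN < port < PORT_MAX):
        raise ValueError(f"port {port} outside {PORT_MIN} < x < {PORT_MAX}")
    return port


def is_safe_port(raw) -> bool:
    """Boolean wrapper around validate_port for callers that just want a yes/no."""
    try:
        validate_port(raw)
        return True
    except ValueError:
        return False


def build_forward_cmd(raw_port: str, host: str = "HOST_PLACEHOLDER") -> List[str]:
    """Build an ssh port-forward command as an argv list (hypothetical helper).

    The port is validated first, and the result is a list, never a single
    string passed to shell=True, so the value is handed to ssh verbatim and
    is never parsed by a shell.
    """
    port = validate_port(raw_port)
    return ["ssh", "-N", "-L", f"{port}:localhost:{port}", host]


def run_forward(raw_port: str, host: str) -> subprocess.CompletedProcess:
    """Run the validated command without a shell (not invoked in the checks below)."""
    return subprocess.run(build_forward_cmd(raw_port, host), check=False)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate port, then values that must be rejected.
    for sample in ["8888", "8888; echo hi", "$(id)", "80", "65535", " 8888"]:
        print(f"{sample!r:>16} -> {'ok' if is_safe_port(sample) else 'rejected'}")
```

The pattern match and the range check are deliberately separate: the regex guarantees `int()` can only ever see digits, and the range check rejects privileged or out-of-range ports that are still numeric. Building the argv list is the second half of the defence; even a validated value should not be spliced into a shell string.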