reinout
commented
7 years ago It isn't an issue in this specific case as we're just passing the current directory. There's no user input here. Quote characters in a directory name? Then you're really trying to break things :-)
Best practice: I think you're right. Fixing it everywhere in the code will probably be quite a lot of work, however.
I'm not inclined to do it as the only person that can break things is the one that's actually sitting behind its own keyboard. If you're experimenting with directory names with "rm -rf /" embedded/encoded in a directory name... I'd say that's a corner case.
I learned something: I never thought about Popen's lists as something that solves quoting issues. Makes sense. You've probably made my future code safer :-)
htgoebel
In #228 the code was changed to quote the path of the git-repos. This is only necessary since the code uses strings as commands, instead of a list of command arguments.
This is bad practice! and may be insecure. Just imaging (in this use case) the path contains a quote-character
". Then the command will fail or even damage things.Best-practice is to pass a list of arguments to Popen (and siblings) This avoids all quoting issues, since there is no command string which needs to be parsed to split it into arguments.
This may not be an issue in the case of cloning the repo, but it is an issue in general cases.