Subprocess.Call() Arguments Ignored When Using Shell=True W/ List

subprocess.call() arguments ignored when using shell=True w/ list

When shell is True, the first argument is appended to ["/bin/sh", "-c"]. If that argument is a list, the resulting list is

["/bin/sh", "-c", "ls", "-al"]

That is, only ls, not ls -al is used as the argument to the -c option. -al is used as the first argument the shell itself, not ls.

When using shell=True, you generally just want to pass a single string and let the shell split it according the shell's normal word-splitting rules.

# Produces ["/bin/sh", "-c", "ls -al"]
subprocess.call("ls -al", shell=True)

In your case, it doesn't see like you need to use shell=True at all.

Parameters are ignored in subprocess.Popen

If you set shell in True you don't have to use shlex - just pass the command as a string.

Another way is to remove shell=True.

I hope it will help :)

UPD: justr tried - it should solve the issue.

Actual meaning of 'shell=True' in subprocess

The benefit of not calling via the shell is that you are not invoking a 'mystery program.' On POSIX, the environment variable SHELL controls which binary is invoked as the "shell." On Windows, there is no bourne shell descendent, only cmd.exe.

So invoking the shell invokes a program of the user's choosing and is platform-dependent. Generally speaking, avoid invocations via the shell.

Invoking via the shell does allow you to expand environment variables and file globs according to the shell's usual mechanism. On POSIX systems, the shell expands file globs to a list of files. On Windows, a file glob (e.g., "*.*") is not expanded by the shell, anyway (but environment variables on a command line are expanded by cmd.exe).

If you think you want environment variable expansions and file globs, research the ILS attacks of 1992-ish on network services which performed subprogram invocations via the shell. Examples include the various sendmail backdoors involving ILS.

In summary, use shell=False.

Python subprocess.Popen fails on shell command as argument

This is because by default subprocess.Popen() doesn't have the shell interpret the commands, so the "*" isn't being expanded into the required list of files. Try adding shell=True as a final argument to the call.

Also note the warning in the documentation about not trusting user input to be processed in this way.

subprocess call with args is only reading first arg

I don't have nmap installed but you need set shell=False and split parameters:

import subprocess

TOOL = 'ls'
joined = '-a -l'
target = '/tmp'

print(subprocess.call([TOOL, *joined.split(), target], shell=False))

Python subprocess.call seems to ignore parameters

First of all, subprocess.call expects you to pass each command line parameter separately, like this:

subprocess.call(['mysqldump', '-u', 'myUsername'])

Second, to redirect the output, you pass additional stdout argument, which, among other things, can be an open file object:

with open('myDatabaseBackup.sql', 'w') as fout:
    subprocess.call(['mysqldump', '-u', 'myUsername'], stdout=fout)

(For the second redirection you naturally use stdin. More details are in FAQ)

how to avoid shell=True in subprocess

Just pass the arguments to check_output() as a list:

subprocess.check_output(["md5", "Downloads/test.txt"], stderr=subprocess.STDOUT)

From the docs:

args is required for all calls and should be a string, or a sequence
of program arguments. Providing a sequence of arguments is generally
preferred, as it allows the module to take care of any required
escaping and quoting of arguments (e.g. to permit spaces in file
names). If passing a single string, either shell must be True (see
below) or else the string must simply name the program to be executed
without specifying any arguments.

---

Related Topics