#103 Unnecessary split(" ") before Popen breaks shell quoting

s3cmd (119)

Normally, shell commands can contain whitespace within individual arguments; as long as this is quoted, it is correctly passed through.

Python's subprocess.Popen() accepts either of two argument forms -- a string, in which case a subshell is started, or a pre-parsed argv list, in which case one is not.

When gpg_encrypt() and gpg_decrypt (as examples) call cfg.gpg_encrypt.split(" "), they employ a vastly less configurable and flexible parser than what the shell provides, and make it impossible to pass arguments containing whitespace to GPG. Instead of bothering with resolve_list, s3cmd should pass the arguments through the environment. To provide an easy way to avoid shell splitting on whitespace within these arguments' values, input_file, output_file and the like can be passed through the environment and dereferenced in the scripts as "$input_file" and such; quoted variable dereferences will never be subject to splitting on IFS.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks