为什么不在subprocess.Popen中使用`shell = True`在Python中呢? [英] Why not just use `shell=True` in subprocess.Popen in Python?

问题描述

我有一个很长的单行shell命令，将由Python调用.代码是这样的:

I have a very long one-line shell command to be called by Python. The codes are like this:

# "first way"
def run_cmd ( command ):
    print "Run: %s" % command
    subprocess.call (command, shell=True)
run_cmd('''sort -n -r -k5 {3} |head -n 500|awk 'OFS="\t"{{if($2-{1}>0){{print $1,$2-{1},$3+{1},$4,$5}}}}' > {2}'''.format(top_count,extend/2,mid,summit))

这些代码有效，但总是这样抱怨:

These codes works, but it always complains like this:

sort: write failed: standard output: Broken pipe
sort: write error
awk: (FILENAME=- FNR=132) fatal: print to "standard output" failed (Broken pipe)

根据先前的答案，我需要使用更长的脚本来完成此操作，例如:

According to a previous answer, I need to use a longer script to finish this, like:

# "second way"
p1 = Popen("sort -n -r -k5 %s"%summit, stdout=PIPE)
p2 = Popen("head -n 500", stdin=p1.stdout, stdout=PIPE)
# and so on ..........

我的问题是:

(1)第二种方式"是否会比第一种方式"慢

(1) whether the "second way" will be slower than "first way"

(2)如果无论如何我都必须以第一种方式"书写(因为这样写起来会更快)，如何避免像broken pipe

(2) if I have to write in "first way" anyway (because it's faster to write), how can I avoid the complain like broken pipe

(3)我不应该以第一种方式"撰写的最令人信服的原因

(3) what might be the most compelling reason that I shouldn't write in "first way"

推荐答案

如果输入数据来自不受信任的来源，则使用shell = True可能会带来安全风险.例如.如果您的mid变量的内容是"/dev/null; rm -rf /"，该怎么办.在您的情况下似乎并非如此，因此我不必为此担心太多.

Using shell = True can be a security risk if your input data comes from an untrusted source. E.g. what if the content of your mid variable is "/dev/null; rm -rf /". This does not seem to be the case in your scenario, so I would not worry too much about it.

在您的代码中，将awk的结果直接写入mid中的文件名.要调试该问题，您可能需要使用subprocess.check_output并从python程序中的awk调用中读取结果.

In your code you write the result of awk directly to the filename in mid. To debug the problem, you might want to use subprocess.check_output and read the result from your awk invocation in your python program.

cmd = """sort -n -r -k5 %s |
      head -n 500|
      awk 'OFS="\t"{{if($2-{1}>0){{print $1,$2-{1},$3+{1},$4,$5}}}}'""".format(summit, top_count)

subprocess.check_call(cmd, shell=True, stdout=file)

这篇关于为什么不在subprocess.Popen中使用`shell = True`在Python中呢?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！