为什么不在 Python 中的 subprocess.Popen 中使用 `shell=True`? [英] Why not just use `shell=True` in subprocess.Popen in Python?

问题描述

我有一个很长的单行 shell 命令要由 Python 调用.代码是这样的:

I have a very long one-line shell command to be called by Python. The codes are like this:

# "first way"
def run_cmd ( command ):
    print "Run: %s" % command
    subprocess.call (command, shell=True)
run_cmd('''sort -n -r -k5 {3} |head -n 500|awk 'OFS="	"{{if($2-{1}>0){{print $1,$2-{1},$3+{1},$4,$5}}}}' > {2}'''.format(top_count,extend/2,mid,summit))

这些代码有效，但它总是这样抱怨:

These codes works, but it always complains like this:

sort: write failed: standard output: Broken pipe
sort: write error
awk: (FILENAME=- FNR=132) fatal: print to "standard output" failed (Broken pipe)

根据以前的答案，我需要使用更长的脚本来完成此操作，例如:

According to a previous answer, I need to use a longer script to finish this, like:

# "second way"
p1 = Popen("sort -n -r -k5 %s"%summit, stdout=PIPE)
p2 = Popen("head -n 500", stdin=p1.stdout, stdout=PIPE)
# and so on ..........

我的问题是:

(1)第二种方式"是否会比第一种方式"慢

(1) whether the "second way" will be slower than "first way"

(2) 如果我必须以第一种方式"写(因为写起来更快)，我怎样才能避免像 broken pipe

(2) if I have to write in "first way" anyway (because it's faster to write), how can I avoid the complain like broken pipe

(3) 我不应该以第一方式"写作的最令人信服的原因可能是什么

(3) what might be the most compelling reason that I shouldn't write in "first way"

推荐答案

如果您的输入数据来自不受信任的来源，则使用 shell = True 可能会带来安全风险.例如.如果你的 mid 变量的内容是 "/dev/null; rm -rf/".在你的场景中似乎不是这种情况，所以我不会太担心.

Using shell = True can be a security risk if your input data comes from an untrusted source. E.g. what if the content of your mid variable is "/dev/null; rm -rf /". This does not seem to be the case in your scenario, so I would not worry too much about it.

在您的代码中，您将 awk 的结果直接写入 mid 中的文件名.要调试问题，您可能需要使用 subprocess.check_output 并从您的 python 程序中的 awk 调用中读取结果.

In your code you write the result of awk directly to the filename in mid. To debug the problem, you might want to use subprocess.check_output and read the result from your awk invocation in your python program.

cmd = """sort -n -r -k5 %s |
      head -n 500|
      awk 'OFS="	"{{if($2-{1}>0){{print $1,$2-{1},$3+{1},$4,$5}}}}'""".format(summit, top_count)

subprocess.check_call(cmd, shell=True, stdout=file)

这篇关于为什么不在 Python 中的 subprocess.Popen 中使用 `shell=True`?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！