Split a command string so that it is suitable to pass to Popen without shell=True. This prevents shell injection attacks in the options passed to ssh or some other command.
(self, cmd)
| 382 | return self._run_cmd(cmd) |
| 383 | |
| 384 | def _split_cmd(self, cmd): |
| 385 | """ |
| 386 | Split a command string so that it is suitable to pass to Popen without |
| 387 | shell=True. This prevents shell injection attacks in the options passed |
| 388 | to ssh or some other command. |
| 389 | """ |
| 390 | try: |
| 391 | ssh_part, cmd_part = cmd.split("/bin/sh") |
| 392 | except ValueError: |
| 393 | cmd_lst = shlex.split(cmd) |
| 394 | else: |
| 395 | cmd_lst = shlex.split(ssh_part) |
| 396 | cmd_lst.append(f"/bin/sh {cmd_part}") |
| 397 | return cmd_lst |
| 398 | |
| 399 | def _sanitize_str(self, text, sanitize_text): |
| 400 | """Remove all occurrences of sanitize_text from text""" |
no test coverage detected