164

Since os.popen is being replaced by subprocess.popen, I was wondering how would I convert

os.popen('swfdump /tmp/filename.swf/ -d')

to subprocess.popen()

I tried:

subprocess.Popen("swfdump /tmp/filename.swf -d")
subprocess.Popen("swfdump %s -d" % (filename))  # NOTE: filename is a variable
                                                # containing /tmp/filename.swf

But I guess I'm not properly writing this out. Any help would be appreciated. Thanks

Improve this question
1
  • 1
    Is this a Windows Machine or Linux machine ? Commented Aug 31, 2017 at 19:30

4 Answers 4

Reset to default
221

subprocess.Popen takes a list of arguments:

from subprocess import Popen, PIPE

process = Popen(['swfdump', '/tmp/filename.swf', '-d'], stdout=PIPE, stderr=PIPE)
stdout, stderr = process.communicate()

There's even a section of the documentation devoted to helping users migrate from os.popen to subprocess.

Improve this answer
Sign up to request clarification or add additional context in comments.

15 Comments

@HansThen shell=True is not recommended.
@Lukas Graf Since it says so in the code. @Alex shell=True is considered a security risk when used to process untrusted data. A clever attacker can modify the input to access arbitrary system commands. E.g. by inputting filename.swf; rm -rf / for the value of filename. However, this is only a problem, when the contents of your argument to Popen is insecure.
@Lukas Graf From the code fragment I strongly doubt that was meant as an example value, to be filled by untrusted user supplied data. But I am prepared to call a truce on that item. My point was more that there is no reason not to use shell=True except when using untrusted input. Simply stating that shell=True is not recommended is misleading.
@HansThen: P.S. Don't get me wrong, I'm not trying to get on your case here. It's just that you seem to be aware of the risks involved with shell=True, but any random user stumbling across this question might not be. That's why I think it's important to highlight that shell=True in fact isn't recommended, unless you know exactly what you're doing.
@Blender Nobody said it was harmful - it's merely dangerous. But aside from that, your argument doesn't make sense at all. Many OS functions that the Python standard library exposes are potentially dangerous - take shutil.rmtree for example. But that has nothing to do with whether they are included in the stdlib or not. I believe the UNIX philosophy of "Unix was not designed to stop its users from doing stupid things, as that would also stop them from doing clever things." also applies in large parts to Python.
|
21

In the recent Python version, subprocess has a big change. It offers a brand-new class Popen to handle os.popen1|2|3|4.

The new subprocess.Popen()

import subprocess
subprocess.Popen('ls -la', shell=True)

Its arguments:

subprocess.Popen(args, 
                bufsize=0, 
                executable=None, 
                stdin=None, stdout=None, stderr=None, 
                preexec_fn=None, close_fds=False, 
                shell=False, 
                cwd=None, env=None, 
                universal_newlines=False, 
                startupinfo=None, 
                creationflags=0)

Simply put, the new Popen includes all the features which were split into 4 separate old popen.

The old popen:

Method  Arguments
popen   stdout
popen2  stdin, stdout
popen3  stdin, stdout, stderr
popen4  stdin, stdout and stderr

You could get more information in Stack Abuse - Robert Robinson. Thank him for his devotion.

Improve this answer

Comments

15

It may not be obvious how to break a shell command into a sequence of arguments, especially in complex cases. shlex.split() can do the correct tokenization for args (I'm using Blender's example of the call):

import shlex
from subprocess import Popen, PIPE
command = shlex.split('swfdump /tmp/filename.swf/ -d')
process = Popen(command, stdout=PIPE, stderr=PIPE)
stdout, stderr = process.communicate()

https://docs.python.org/3/library/subprocess.html

Improve this answer

Comments

12

Use sh, it'll make things a lot easier:

import sh
print sh.swfdump("/tmp/filename.swf", "-d")
Improve this answer

1 Comment

sh, it's good, however it's not same with Popen of subprocess. sh is alike with call of subprocess.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.