473,699 Members | 2,672 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

how to invoke the shell command and then get the result in python

Hi,

I want to do following: get a user input regex, then pass this as a
parameter to grep, and then get the result from grep.

Any code snip to implement the similar function? I am a python newbie.

Thanks a lot.
Bin

Dec 5 '06 #1
7 2696
Bin Chen wrote:
I want to do following: get a user input regex, then pass this as a
parameter to grep, and then get the result from grep.

Any code snip to implement the similar function? I am a python newbie.
import os
for line in os.popen("grep pattern *.txt"):
print line,

also see os.system and subprocess.

note that if you want to write portable code, you can implement your own
"grep" using the "re" module:

import re
p = re.compile(patt ern)
for index, line in enumerate(open( filename)):
if p.match(line):
print index, line,

</F>

Dec 5 '06 #2


Fredrik Lundh wrote:
import os
for line in os.popen("grep pattern *.txt"):
print line,

also see os.system and subprocess.

note that if you want to write portable code, you can implement your own
"grep" using the "re" module:
</F>
Also, for a wrapper around popen, try commands:

import commands

pattern = raw_input('patt ern to search? ')
print commands.getout put('grep %s *.txt' % pattern)

Pete

Dec 5 '06 #3
pe********@gmai l.com wrote:
Also, for a wrapper around popen, try commands:

import commands

pattern = raw_input('patt ern to search? ')
print commands.getout put('grep %s *.txt' % pattern)
that's not quite as portable as the other alternatives, though. "grep"
is at least available for non-Unix platforms, but "commands" requires a
unix shell.

for Python 2.5 and later, you could use:

def getoutput(cmd):
from subprocess import Popen, PIPE, STDOUT
p = Popen(cmd, stdout=PIPE, stderr=STDOUT,
shell=isinstanc e(cmd, basestring))
return p.communicate()[0]

print getoutput(["grep", pattern, glob.glob("*.tx t")])

which, if given a list instead of a string, passes the arguments
right through to the underlying process, without going through the
shell (consider searching for "-" or ";rm" with the original code).

</F>

Dec 5 '06 #4
pe********@gmai l.com <pe********@gma il.comwrote:
Also, for a wrapper around popen, try commands:

import commands

pattern = raw_input('patt ern to search? ')
print commands.getout put('grep %s *.txt' % pattern)
What if I entered "; rm -rf * ;" as my pattern?

Don't ever pass user input (from file/web/raw_input) to the shell if
you want to write a secure program!

If you use subprocess then you can use a sequence of args to bypass
the shell rather than a string to be passed to the shell. That will
get over lots of shell escaping problems too. Eg

from subprocess import Popen, PIPE
from glob import glob
pattern = raw_input('patt ern to search? ')
files = glob("*.txt")
output = Popen(["grep", pattern] + files, stdout=PIPE).co mmunicate()[0]
print output

You can also use subprocess to read the return code of the command and
its stderr both of which you'll need if you are programming
defensively!

--
Nick Craig-Wood <ni**@craig-wood.com-- http://www.craig-wood.com/nick
Dec 5 '06 #5

Nick Craig-Wood wrote:
>
What if I entered "; rm -rf * ;" as my pattern?
Assuming the script isn't setuid, this would do no more damage than the
user could do directly on the command line. I agree, when dealing with
web applications or setuid programs, direct shell access isn't a good
idea.

Pete

Dec 6 '06 #6
pe********@gmai l.com wrote:
Assuming the script isn't setuid, this would do no more damage than the
user could do directly on the command line.
except that when the user is typing things into the command line, he
*knows* that he's typing things into the command line.

</F>

Dec 6 '06 #7
Fredrik Lundh <fr*****@python ware.comwrote:
pe********@gmai l.com wrote:
Assuming the script isn't setuid, this would do no more damage than the
user could do directly on the command line.

except that when the user is typing things into the command line, he
*knows* that he's typing things into the command line.
Aye!

Who is to say that this script won't get re-used innocently in a web
application?

And in this particular example we were talking about typing regular
expressions into the shell, which have many of the same metacharacters
as the shell. So even an innocent use of the above can cause
problems.

Just say no to passing user input (from anywhere at all) via the
shell! That (along with SQL injection attacks which are very similar
in concept) is one of the most common security attacks for scripting
languages like Python when used in a web environment.

--
Nick Craig-Wood <ni**@craig-wood.com-- http://www.craig-wood.com/nick
Dec 6 '06 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
14355
by: Jorgen Grahn | last post by:
I couldn't think of a good solution, and it's hard to Google for... I write python command-line programs under Win2k, and I use the bash shell from Cygwin. I cannot use Cygwin's python package because of a binary module which has to be compiled with Visual C 6. My scripts start with a '#!/usr/bin/env python' shebang, as God intended. Now, I assume I can make cmd.exe run foo.py by asociating *.py with the python interpreter.
0
7101
by: Kyle | last post by:
To any who chose to provide an answer, or even any suggestions to this problem, I thank you greatly in advance. +200 pts. for any valid solutions. I am currently in the process of converting a website from an existing web host to our servers. This website used the WScript.Shell command to execute a series of Java commands that would send an encrypted email. I ran these commands directly on the server and they execute properly,
7
7901
by: DB_2 | last post by:
Hello, I was trying to load a comma-separated text file to a DB2 table. I believe I have the syntax rigt for the LOAD command. My first question is, how do you actually run it? It is not a SQL command; so it doesn't run from the command center/SQL window. It looks like a utility tool but I didn't find a load.exe or db2load.exe file in the installation directory.
2
1572
by: NightHawk | last post by:
Im not a total noob but i don't know the command and the module to go from python to the default shell. (not from interactive mode - $python)
4
2378
by: Anastasios Hatzis | last post by:
I'm looking for a pattern where different client implementations can use the same commands of some fictive tool ("foo") by accessing some kind of API. Actually I have the need for such pattern for my own tool (http://openswarm.sourceforge.net). I already started restructuring my code to separate the actual command implementations from the command-line scripts (which is optparser-based now) and have some ideas how to proceed. But probably...
3
3821
by: George Sakkis | last post by:
I'm trying to figure out why Popen captures the stderr of a specific command when it runs through the shell but not without it. IOW: cmd = if 1: # this captures both stdout and stderr as expected pipe = Popen(' '.join(cmd), shell=True, stderr=PIPE, stdout=PIPE) else: # this captures only stdout pipe = Popen(cmd, shell=False, stderr=PIPE, stdout=PIPE) # this prints the empty string if not run through the shell
1
1477
by: Tobiah | last post by:
For years now, I've been exiting the shell by typing 'exit\n', being chid by the shell, and then typing ^D. I can't remember a time that I typed the ^D the first time. Call me an idiot if you must, but since someone took the trouble to catch the command 'exit' in a special way, would it have been so awful to just let it be a way to exit when the shell? Thanks, Toby
15
2165
by: lixinyi.23 | last post by:
Hi! I'm currently working on a scientific computation software built in python. What I want to implement is a Matlab style command window <-> workspace interaction. For example, you type 'a=1' in the command window, and you see a list item named 'a' in the workspace. You double click the icon of the item, and you see its value. You can
8
5582
by: james.kirin39 | last post by:
Hi everyone, After having used Python on Linux for some time, I now have to do Python coding on Windows. I am big fan of the interactive Python shell to test, eg, regexps. Is there an interactive Python shell on Windows that supports: - easy copy-pasting to/from an editor? (as opposed to the cumbersome "mark", "copy" and then "paste" sequence that any terminal on Windows
0
8704
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9054
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8895
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7778
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6545
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4390
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4637
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2362
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2015
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.