2
import subprocess as subp
4
# Vulnerable to wildcard injection
8
subp.Popen('chown *', shell=True)
10
# Not vulnerable to wildcard injection
13
subp.Popen(['chown', '*'])
14
subp.Popen(["chmod", sys.argv[1], "*"],
15
stdin=subprocess.PIPE, stdout=subprocess.PIPE)
16
o.spawnvp(os.P_WAIT, 'tar', ['tar', 'xvzf', '*'])