subprocess-popen-with-shell-equals-true (S602)#
Derived from the flake8-bandit linter.
What it does#
Check for method calls that initiate a subprocess with a shell.
Why is this bad?#
Starting a subprocess with a shell can allow attackers to execute arbitrary shell commands. Consider starting the process without a shell call and sanitize the input to mitigate the risk of shell injection.
Example#
Use instead: