The shlex module provides shell-compatible tokenization and quoting. shlex.quote is the canonical sanitizer for shell=True command construction. shlex.split is safer than splitting yourself, but quote is what protects against shell-metacharacter injection.
| Method | Role | Signature | Description |
|---|---|---|---|
| `.quote()` | Sanitizer | `shlex.quote(s: str) -> str` | Returns a shell-escaped version of `s`. Sanitizer for `shell=True` sinks. |
| `.split()` | Sanitizer | `shlex.split(s, comments=False, posix=True) -> list[str]` | Splits a string using shell-like syntax. Sanitizer when producing `list[str]` for subprocess (implies `shell=False`). |
| `.join()` | Sanitizer | `shlex.join(split_command: Iterable[str]) -> str` | Joins tokens with proper shell quoting. |
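To show what the three sanitizers do at a `subprocess` sink, here is an added example (not code from the page or from codepathfinder): a vulnerable `shell=True` string build beside its `shlex.quote` form, the `list[str]` form that needs no shell at all, and the `shlex.split`/`shlex.join` round trip. `UNTRUSTED_NAME` is a constructed sample input; `shell_words` uses a `shlex.shlex` lexer with `punctuation_chars` so that `;` shows up as its own token, the way a POSIX shell would read it.

```python
import shlex
import subprocess

# Constructed sample: a file name carrying a shell metacharacter. Interpolated
# raw into a shell=True command it ends the wc command and starts a second one;
# after shlex.quote it is one literal argument.
UNTRUSTED_NAME = "report.txt; echo INJECTED"


def build_unquoted(path: str) -> str:
    """Vulnerable pattern: raw interpolation into a shell=True command string."""
    return f"wc -l {path}"


def build_quoted(path: str) -> str:
    """Hardened pattern: shlex.quote turns path into a single shell word.
    Note: shlex.quote targets POSIX shells; it is not a cmd.exe sanitizer."""
    return f"wc -l {shlex.quote(path)}"


def build_argv(path: str) -> list[str]:
    """Preferred pattern: a list argv for shell=False. The program name stays
    fixed and no shell ever parses the untrusted value."""
    return ["wc", "-l", path]


def shell_words(command: str) -> list[str]:
    """Tokenize a command string as a POSIX shell would, with punctuation such
    as ';' emitted as separate tokens, so quoting can be checked offline."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def roundtrip_ok(argv: list[str]) -> bool:
    """shlex.join is the inverse of shlex.split: an argv survives a trip
    through a string, metacharacters included."""
    return shlex.split(shlex.join(argv)) == argv


if __name__ == "__main__":
    for cmd in (build_unquoted(UNTRUSTED_NAME), build_quoted(UNTRUSTED_NAME)):
        print(f"{cmd!r} -> {shell_words(cmd)}")
    # shell=False with a list: the metacharacters reach wc as a file name only.
    subprocess.run(build_argv(UNTRUSTED_NAME), check=False)
```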
| FQN | Field |
|---|---|
| `shlex` | `fqns[0]` |
A wrong FQN yields 0 findings. Verify by changing `fqns` to a garbage value: the rule must then produce 0 results.
```python
from codepathfinder.go_rule import PyShlex
```