Python子进程AWS credentials shell脚本导致目录

2024-05-28 11:17:21 发布

您现在位置:Python中文网/ 问答频道 /正文
594 3

为了获得在EC2中运行Python脚本所需的所有“凭证”,我必须运行以下命令。所以我决定使用子流程来简化这个过程。在

subprocess.call(["export instance_profile=`curl 
http://169.254.169.254/latest/meta-data/iam/security-credentials",
"export AWS_ACCESS_KEY_ID=`curl http://169.254.169.254/latest/meta-
data/iam/security-credentials/${instance_profile} | grep AccessKeyId 
| cut -d':' -f2 | sed 's/[^0-9A-Z]*//g'`",
"export AWS_SECRET_ACCESS_KEY=`curl 
http://169.254.169.254/latest/meta-data/iam/security-
credentials/${instance_profile} | grep SecretAccessKey | cut -d':' -
f2 | sed 's/[^0-9A-Za-z/+=]*//g'`",
"export AWS_SECURITY_TOKEN=`curl http://169.254.169.254/latest/meta-
data/iam/security-credentials/${instance_profile} | grep Token | cut 
-d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g'`",
"export http_proxy=proxy.xxx.xxxxxxxxx.com:8099",
"export https_proxy=${http_proxy}"])

我得到一个错误:

^{pr2}$

我不熟悉bash和子进程,所以如果我犯了一些微不足道的错误,请原谅我。我试着运行python/脚本.py但我也有同样的错误。我想使用子流程来实现这一点,因为它被认为是最安全的方法。如果能得到一些指导,我将不胜感激。在


Tags: instanceawshttpdataexportcurlprofilelatest
1条回答
网友
1楼 · 发布于 2024-05-28 11:17:21

subprocess.call的第一个参数必须是程序或可执行文件。在你的情况下,事实并非如此。看起来您想在shell中执行调用,所以设置这个参数shell=True。注意:使用shell=True是一种安全隐患。在

Warning Executing shell commands that incorporate unsanitized input from an untrusted source makes a program vulnerable to shell injection, a serious security flaw which can result in arbitrary command execution. For this reason, the use of shell=True is strongly discouraged in cases where the command string is constructed from external input.

subprocess.call(["export instance_profile=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials`",
"export AWS_ACCESS_KEY_ID=`curl http://169.254.169.254/latest/meta- data/iam/security-credentials/${instance_profile} | grep AccessKeyId | cut -d':' -f2 | sed 's/[^0-9A-Z]*//g'`",
"export AWS_SECRET_ACCESS_KEY=`curl http://169.254.169.254/latest/meta-data/iam/security- credentials/${instance_profile} | grep SecretAccessKey | cut -d':' - f2 | sed 's/[^0-9A-Za-z/+=]*//g'`",
"export AWS_SECURITY_TOKEN=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials/${instance_profile} | grep Token | cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g'`",
"export http_proxy=proxy.xxx.xxxxxxxxx.com:8099",
"export https_proxy=${http_proxy}"], shell=True)

相关问题 更多 >

    编程相关推荐