
I've created a library that uses t-strings to prevent shell injection that even works on Windows. It's written in Rust. https://github.com/aspizu/tshu

    $ uv run --with tshu python -m asyncio
    >>> from tshu import sh
    >>> username = "aspizu; rm -rf /"
    >>> await sh(t"echo {username}")
    aspizu; rm -rf /


Does the library handle arguments that begin with a dash?

Does this code print out the contents of the file named `--help`, or does it print the documentation for the `cat` command?

  filename = "--help"
  await sh(t"cat {filename}")
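
The question above is about option (argument) injection, which quoting alone does not address. The following is an added example, not part of the thread and not tshu code; it uses only Python's `subprocess` with a constructed file named `--help`, assumes a POSIX `cat` on `PATH`, and makes no claim about how tshu handles this case.

```python
import os
import subprocess
import tempfile

CONTENT = "contents of the file named --help\n"  # constructed sample data


def run_cat(args, cwd):
    """Run cat with an argv list (no shell involved) and return its stdout."""
    proc = subprocess.run(["cat", *args], cwd=cwd, capture_output=True, text=True)
    return proc.stdout


def cat_naive(filename, cwd):
    # The value is one argv element, so no shell metacharacter can break out,
    # but cat itself still parses a leading "-" as an option.
    return run_cat([filename], cwd)


def cat_end_of_options(filename, cwd):
    # "--" ends option parsing (POSIX utility syntax guideline 10):
    # everything after it is treated as an operand, here a file name.
    return run_cat(["--", filename], cwd)


def cat_path_prefixed(filename, cwd):
    # Alternative for tools that do not honour "--": make relative names
    # start with "./" so they can never begin with a dash.
    if not os.path.isabs(filename):
        filename = os.path.join(".", filename)
    return run_cat([filename], cwd)


def demo():
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "--help"), "w") as f:
            f.write(CONTENT)
        return {
            "naive": cat_naive("--help", d),
            "end_of_options": cat_end_of_options("--help", d),
            "path_prefixed": cat_path_prefixed("--help", d),
        }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out!r}")
```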



