101 elif checked_ez_button.name == "btnOpenFolder":
102 try:
103 os.startfile(os.path.join(os.getcwd(), "Resources/Images/Saved_fractals/"))104 except Exception as e:
105 print("Error: ", e)
106 try:
130 )
131 elif checked_complex_button.name == "btnSettings":
132 try:
133 os.startfile("CONFIG.ini")134 except Exception as e:
135 print("Error: ", e)
136 try:
69 # help button -> open help.html
70 if checked_ez_button.name == "btnOpenFolder":
71 try:
72 os.startfile(os.path.join(os.getcwd(), "Resources/Images/Saved_fractals/")) 73 except Exception as e:
74 print("Error:", e)
75 try:
Spawning a subprocess in a way that doesn't use a shell is generally safe, because the arguments are not interpreted by a shell, but it may be useful for penetration testing workflows to track where external system calls are used.
Python possesses many mechanisms to invoke an external executable. However, doing so may present a security issue if appropriate care is not taken to sanitize any user-provided or variable input.
import os
# Creating subprocess:
# The following calls can be sensitive if the command is not sanitized, since they are starting a subprocess.
# None of the os.spawn* functions goes through a shell: `cmd` is handed to the
# new process as its argument list. What needs validating is therefore the
# program (`path` / `file`) and every argument that program will itself interpret.
# `mode`, `path`, `file`, `cmd` and `env` are placeholders; this listing does not define them.
os.spawnl(mode, path, *cmd)
# Variants ending in "e": `env` is used instead of the current process environment,
# so it should be built from known values rather than passed through from input.
os.spawnle(mode, path, *cmd, env)
# Variants with "p": `file` is located through PATH, so which binary runs depends on PATH.
os.spawnlp(mode, file, *cmd)
os.spawnlpe(mode, file, *cmd, env)
# Variants with "v": the arguments are passed as one sequence instead of separate parameters.
os.spawnv(mode, path, cmd)