Re: [Help-bash] avoiding shell variable expansion

[Greg Wooledge]

On Fri, Oct 04, 2019 at 10:02:03AM +0100, Stephane Chazelas wrote:
> 2019-10-03 19:47:42 +0000, Greg Silverman:
> > //file: ls.py
> > import subprocess
> > proc = subprocess.Popen(['/bin/ls','*'],shell=False)

> If you want ls to list the contents of the current directory,
> you would run "ls" without argument at all or "ls" with a "."
> argument which is exactly the same. You could run "ls" with 
> "--" and [...]

OK, I'm calling it here.  Bashphorism 9:

  All examples given by the questioner will be broken, misleading, wrong,
  and/or not representative of the actual question.

More often than not, when someone gives an "example" that uses ls,
they aren't actually trying to enumerate or display filenames.  They
just think that ls is a "generic command that I can replace with my real
command later".

Then, the people who are trying to help get caught up in the fact that
using ls is *abhorrently wrong* in the stated context, and should
be replaced by a for loop, or find, or something else that would
solve the problem of "enumerate, or iterate, or display file names"
more correctly.

Finally, the OP says "but it was just an example".  Much time is wasted.

Avoid code injection is a huge and important topic, and I certainly
don't want to curtail this discussion.  Just make sure your cynical
mode is active.

See also:

https://mywiki.wooledge.org/CodeInjection
https://mywiki.wooledge.org/ParsingLs
https://mywiki.wooledge.org/BashFAQ/064