将字符串转化成命令在服务器上运行
1、批量安装库,执行多条命令
import os
libs = {"numpy","matplotlib","pillow","sklearn","requests","jieba","beautifulsoup4","wheel","networkx","sympy","pyinstaller","django","flask","werbot","pyQt5","pandas","pyopengl","pypdf2","docopt","pygame"}
try:
for lib in libs:
os.system("pip install "+lib)
print("Successful")
except:
print("Failed Somehow")
##使用system执行多条命令
##为了保证system执行多条命令可以成功,多条命令需要在同一个子进程中运行;
import os
os.system('cd /usr/local && mkdir aaa.txt')
# 或者
os.system('cd /usr/local ; mkdir aaa.txt')
2、注意过滤命令
未经过滤时就会时一个定时炸弹,留下了一个命令执行的漏洞,黑客完全可以通过构造命令来对服务器进行命令注入攻击,然后利用一些命令来实现远程控制或者远程操控。