August 2018
366 pages
One important thing to note is that our run function looks for an executable that can satisfy the requested command, but it won't evaluate any shell expression, so it's not possible to send shell scripts to it. If that's required, the shell=True option can be passed to subprocess.check_output, but that's heavily discouraged because it allows the injection of shell code into our program.
Suppose you want to write a command that prints the content of a directory that the user chooses; a very simple solution might be the following:
import sys

if len(sys.argv) < 2:
    print('Please provide a directory')
    sys.exit(1)

_, out = run('ls {}'.format(sys.argv[1]))
print(out)
Now, what would happen if we allowed shell=True in run and the user ...
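The following is an added example, not code from the book: it runs the same ls command three ways on constructed inputs to show how shell=True changes what the user-supplied string can do, and why passing the input as a single argument after "--" is stricter than splitting a formatted string. The run function here is a stand-in with an assumed shell parameter, the ls_* helpers and demo are hypothetical names, and a POSIX system with ls and /bin/sh is assumed.

```python
import shlex
import subprocess
import tempfile


def run(argv, shell=False):
    """Stand-in for the page's run(): returns (exit_code, decoded_output)."""
    try:
        out = subprocess.check_output(argv, stderr=subprocess.STDOUT, shell=shell)
        return 0, out.decode()
    except subprocess.CalledProcessError as e:
        return e.returncode, e.output.decode()


def ls_split(user_dir):
    # The pattern from the page: format a string, split it, no shell involved.
    return run(shlex.split('ls {}'.format(user_dir)))


def ls_shell(user_dir):
    # Discouraged: the whole string is handed to /bin/sh for interpretation.
    return run('ls {}'.format(user_dir), shell=True)


def ls_argv(user_dir):
    # Hardened: the input is exactly one argument and "--" ends option parsing.
    return run(['ls', '--', user_dir])


def demo():
    with tempfile.TemporaryDirectory() as empty:   # constructed, empty directory
        with_expr = empty + '; echo $((6*7))'      # constructed input with shell syntax
        with_flag = '-a ' + empty                  # constructed input with an extra option
        return {
            # The shell evaluates the second command and the arithmetic.
            'shell_expr': ls_shell(with_expr),
            # Without a shell, the same text is only odd file names for ls.
            'split_expr': ls_split(with_expr),
            # Splitting still lets the input add an option to ls.
            'split_flag': ls_split(with_flag),
            # One argument after "--": treated as a single (missing) path.
            'argv_flag': ls_argv(with_flag),
        }


if __name__ == '__main__':
    for name, (code, out) in demo().items():
        print(name, code, repr(out))
```

The split_flag case is the caveat for the shlex.split approach: no shell code runs, but whitespace in the input still becomes extra arguments, so building the argument list explicitly is the safer habit.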