Now using "call" with no shell.

[toast/tdyndns.git] / bin / tdyndns_update

diff --git a/bin/tdyndns_update b/bin/tdyndns_update
index 8f943f8fbeee8f8761db745ca965adbac1a0403b..45c42640bc9a0bf9e8b6c332a4f6359fb42c9903 100755 (executable)
--- a/bin/tdyndns_update
+++ b/bin/tdyndns_update
@@ -6,12 +6,16 @@ from subprocess import Popen, PIPE, call
 import ipaddr
 
 
-class NsupdateError(Exception):
+class ExternalProgramError(RuntimeError):
+       pass
+
+
+class NsupdateError(ExternalProgramError):
        def __init__(self, returncode):
                self.returncode = returncode
 
 
-class BlockipError(Exception):
+class BlockipError(ExternalProgramError):
        def __init__(self, returncode):
                self.returncode = returncode
 
@@ -51,8 +55,8 @@ def blockip_whitelist_add(ip):
        """
        :param ip: ipv4 address
        :raises a BlockipError in case of errors."""
-       command = "iptables -I blockip -s {ip} -j ACCEPT".format(ip=ip)
-       p = call(command, shell=True)
+       command = ['iptables', '-I', 'blockip', '-s', str(ip), '-j', 'ACCEPT']
+       p = call(command)
        if p != 0:
                raise BlockipError(p)
 
@@ -61,8 +65,8 @@ def blockip_whitelist_delete(ip):
        """
        :param ip: ipv4 address
        :raises a BlockipError in case of errors."""
-       command = "iptables -D blockip -s {ip} -j ACCEPT".format(ip=ip)
-       p = call(command, shell=True)
+       command = ['iptables', '-D', 'blockip', '-s', str(ip), '-j', 'ACCEPT']
+       p = call(command)
        if p != 0:
                raise BlockipError(p)
 
@@ -82,7 +86,7 @@ def main(args):
                        nsupdate_add(args.fqdn, args.ttl, args.ip)
                        if ipfamily_by_ip(args.ip) == 'A':
                                blockip_whitelist_add(args.ip)
-       except NsupdateError as e:
+       except ExternalProgramError as e:
                sys.exit(e.returncode)