A (relatively) secure and easy-to-use subprocess implementation for Python

BearShell

BearShell is a Python class for executing shell commands securely with output streaming, injection risk protection, and support for command presets. This tool provides an easy-to-use interface while enforcing security policies and offering control over the commands executed.

Features

  • Secure Command Execution: Protects against common shell injection tactics.
  • Command Presets: Allows predefined command templates with substitution.
  • Output Streaming: Streams output line-by-line while capturing the entire result.
  • Allow-List and Block-List: Policies to restrict which commands can or cannot be executed.
  • Injection Risk Detection: Detects risky shell patterns like ;, &&, rm, and others.

Installation

  1. Clone the repository or install the class directly into your project.
  2. No dependencies outside the standard Python library.

Example Usage

from bearshell import BearShell

# Create BearShell object with a buffer limit of 5000 lines
shell = BearShell(max_buffer_lines=5000)

# Set allow-list of safe commands
shell.set_allow_list(["searchsploit", "nmap"])

# Set block-list of risky commands
shell.set_block_list(["rm", "shutdown"])

# Define a preset command for running searchsploit
shell.add_preset("search_exploit", ["searchsploit", "{query}"])

# Run the search_exploit preset with a query
response = shell.run_preset("search_exploit", query="apache")

# Output the response as a dictionary
print(response.to_dict())

# Run a custom command directly (this will be parsed and validated)
response = shell.run("nmap -p 80 192.168.1.1")

# Output the response
print(response.to_dict())

Command Response

The BearResponse returned by the run and run_preset methods contains:

  • start_time: Time when the command started.
  • end_time: Time when the command finished.
  • stdout: Standard output (captured during the command execution).
  • stderr: Standard error output.
  • error_message: An error message in case of a failure (e.g., injection risk or policy violation).

You can get the response in various formats:

  • Dictionary: response.to_dict()
  • JSON: response.to_json()

Policy Enforcement

  • Allow-List: Only allows commands listed in the allow-list to run.
  • Block-List: Blocks commands that are added to the block-list.
  • Injection Risk Detection: Automatically checks for dangerous patterns (e.g., rm, shutdown) and blocks commands with such patterns.
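
The three policy checks above, together with per-element preset substitution, as an added sketch written for this page and not taken from BearShell's source. The names validate, fill_preset, execute and SHELL_META are hypothetical, and the metacharacter list, the program-name-only matching and the treatment of an empty allow-list are assumptions.

```python
import os
import shlex
import subprocess

# Assumed metacharacter list; these only matter if a shell parses the string.
SHELL_META = (";", "&&", "||", "|", "`", "$(", ">", "<", "\n")


def validate(command, allow, block):
    """Return (argv, error); an empty allow-list means no allow restriction."""
    for token in SHELL_META:
        if token in command:
            return None, f"injection risk: {token!r}"
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        return None, f"unparseable command: {exc}"
    if not argv:
        return None, "empty command"
    # Policy is applied to the program name only, so an argument such as
    # "format.txt" is not mistaken for "rm" by a substring match.
    program = os.path.basename(argv[0])
    if program in block:
        return None, f"blocked by policy: {program}"
    if allow and program not in allow:
        return None, f"not in allow-list: {program}"
    return argv, None


def fill_preset(template, **values):
    """Substitute placeholders per element; each value stays one argument."""
    argv = [part.format(**values) for part in template]
    # A substituted value starting with "-" would be parsed as an option.
    for part, filled in zip(template, argv):
        if part != filled and filled.startswith("-"):
            raise ValueError(f"option-like value rejected: {filled!r}")
    return argv


def execute(argv):
    """Run a validated argv list directly, with no shell in between."""
    return subprocess.run(argv, capture_output=True, text=True, check=False)


ALLOW = {"searchsploit", "nmap"}  # same names as the usage example above
BLOCK = {"rm", "shutdown"}
PRESET = ["searchsploit", "{query}"]
```

Because the preset is filled element by element and executed as a list, a query such as "apache; id" reaches the program as one literal argument instead of being split into a second command.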

Example Response Object

{
  "start_time": "2025-04-10T12:30:00",
  "end_time": "2025-04-10T12:30:05",
  "stdout": "Found exploit for Apache\n",
  "stderr": "",
  "error_message": null
}

Source Distribution

bearshell-0.1.3.tar.gz (5.2 kB)

Uploaded Source

Built Distribution

bearshell-0.1.3-py3-none-any.whl (5.4 kB)

Uploaded Python 3

File details

Details for the file bearshell-0.1.3.tar.gz.

File metadata

  • Download URL: bearshell-0.1.3.tar.gz
  • Upload date:
  • Size: 5.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bearshell-0.1.3.tar.gz
Algorithm Hash digest
SHA256 6efce57e0aee45e2d63e14bf030442c33239b9d62a9282e5b9c2cdea5ba81c0d
MD5 552bda3c1d5f8830fe1684ba0768b8dd
BLAKE2b-256 6b0ce1893e45883db3b7644b55bbc6abb4fd47d9ea2f0740951bc0c66cc25b51

Provenance

The following attestation bundles were made for bearshell-0.1.3.tar.gz:

Publisher: python-publish.yml on breimers/bear-shell

File details

Details for the file bearshell-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: bearshell-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 5.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for bearshell-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 8380f7fe7d5386aa0777da326815931f0ad41f7360aa48835eaa3d11a8f2d4ca
MD5 b001a0e424631e31de39b909f60250bc
BLAKE2b-256 57edf4371d1b49916a703576915bab935227563e280b0c67093e9c727f6778fb

Provenance

The following attestation bundles were made for bearshell-0.1.3-py3-none-any.whl:

Publisher: python-publish.yml on breimers/bear-shell
