1

So I have a Raspberry Pi unit that is set up to check a gmail account and if new mail appears, it reads it out loud via festival.

I interact with Festival via a crude 'echo "' + str(message) + '" | festival --tts' call where message is the content of an incoming email.

I am guessing that somebody could send something nasty in that message and destroy the computer and I am wondering if there is a good way to clean the message and make the process more safe in general.

I can validate email addresses but, even within validated emails, I want to have any checks I can in place.

DAXaholic
  • 33,312
  • 6
  • 76
  • 74
Chris
  • 12,900
  • 12
  • 43
  • 65

1 Answers1

1

Is there a reason you have to use the shell to invoke festival?
If not, just stay within python and use a lib (e.g. pyfestival) for that as this is probably simpler and you don't have the risk of someone injecting shell code into the message.

Update: As you want to call it via a separate process, try it with something like that (not tested yet though) 

from subprocess import Popen, PIPE
p = Popen(['festival', '--tts'], stdin=PIPE)
p.communicate(input=message)

The above is a customized version of that question's answer

Community
  • 1
  • 1
DAXaholic
  • 33,312
  • 6
  • 76
  • 74
  • I am on a raspberry Pi and I had issues installing pyfestival. I can read the text from a script via festival but i'm stuck with the command line tool. – Chris Jul 19 '16 at 05:00