Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2015-September/141444.html below:

[Python-Dev] PEP 501 Shell Command Examples

• Previous message (by thread): [Python-Dev] PEP 498: Naming
• Next message (by thread): [Python-Dev] PEP 501 Shell Command Examples
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Nick,

You are giving

  runcommand(sh(i"cat {filename}"))

as an example that avoids injection attacks. While this is true, I think
this is still a terrible anti-pattern[1] that should not be entombed in
a PEP as a positive example.

Could you consider removing it?

(It doubly wastes resources by pointlessly calling a shell, and then by
parsing & quoting the argument only for the shell to do the same in
reverse).

Best,
-Nikolaus
-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«

• Previous message (by thread): [Python-Dev] PEP 498: Naming
• Next message (by thread): [Python-Dev] PEP 501 Shell Command Examples
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4