classification
Title: csv.DictReader throws generic error when fieldnames is accessed for non-text file
Type: Stage: resolved
Components: Versions: Python 2.7
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: berker.peksag, boyombo, josh.r
Priority: normal Keywords:

Created on 2016-04-11 18:38 by boyombo, last changed 2016-04-12 08:57 by berker.peksag. This issue is now closed.

Messages (4)
msg263199 - (view) Author: Bayo Opadeyi (boyombo) Date: 2016-04-11 18:38
If you use the csv.DictReader to open a non-text file and try to access fieldnames on it, it crashes with a generic error instead of something specific.
msg263218 - (view) Author: Josh Rosenberg (josh.r) * (Python triager) Date: 2016-04-12 01:52
This already behaves usefully in 3.5 where reading fieldnames from a DictReader wrapping a file opened in binary mode gets you:

_csv.Error: iterator should return strings, not bytes (did you open the file in text mode?)

And 2.7 is highly unlikely to make fit and finish fixes at this stage in the game.

That said, not sure what you'd expect in 2.7; standard open in binary mode is correct there, and you'd get str either way. Is the problem that it's not a CSV file in the first place? Because Python 2's csv isn't encoding aware; as long as it doesn't have embedded NULs, anything could be legitimate data (csv doesn't have the context to say that it should be latin-1, EBCDIC, or whatever).
msg263234 - (view) Author: Bayo Opadeyi (boyombo) Date: 2016-04-12 07:53
Yes, the problem is that the file is not csv. The scenario is a web application allowing people to upload csv files, but they can upload any files they like.
msg263240 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2016-04-12 08:57
> The scenario is a web application allowing people to upload csv files, but they can upload any files they like.

This looks like a potential security flaw in the application. The application should reject any non-CSV files from being uploaded (instead of relying on the CSV module).

Thanks for the report.
History
Date User Action Args
2016-04-12 08:57:14berker.peksagsetstatus: open -> closed

nosy: + berker.peksag
messages: + msg263240

resolution: not a bug
stage: resolved
2016-04-12 07:53:49boyombosetstatus: pending -> open

messages: + msg263234
2016-04-12 06:22:54serhiy.storchakasetstatus: open -> pending
2016-04-12 01:52:37josh.rsetnosy: + josh.r
messages: + msg263218
2016-04-11 18:39:15boyombosettitle: csv.DictReader throws generic error when fieldnames is accessed on non-text file -> csv.DictReader throws generic error when fieldnames is accessed for non-text file
2016-04-11 18:38:37boyombocreate