This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Deprecate shlex.split(None) to read from stdin.
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, andrei.avk, christian.heimes, eric.smith, n_rosenstein, p-ganssle
Priority: normal Keywords: patch

Created on 2018-04-11 10:28 by christian.heimes, last changed 2022-04-11 14:58 by admin.

Pull Requests
URL Status Linked Edit
PR 6514 merged ZackerySpytz, 2018-04-17 19:35
Messages (5)
msg315189 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-04-11 10:28
The shlex module implements simple tokenize for a shell-like mini language. The shlex.split() function splits a string into subcomponents just like a typical Unix shell. However function has a surprising feature. When None is passed into shlex.split().

Note: Since the split() function instantiates a shlex instance, passing None for s will read the string to split from standard input. 

https://docs.python.org/3/library/shlex.html#shlex.split


This is both surprising, unnecessary and potentially dangerous. Reading from sys.stdin is a blocking operation. In case an application doesn't account for None, shlex.split(value) could lead to a blocked server application. I suggest to deprecate and eventually remove this mis-feature.

Credits: David R. MacIver reported the bug on Twitter: https://twitter.com/DRMacIver/status/984001867985367040
msg315209 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2018-04-12 00:01
I agree that it should be deprecated. That's crazy behavior.

I'd also recommend that shlex.shlex with instream=None be deprecated, but maybe that's too radical. It seems way too easy to accidentally pass in None.
msg323489 - (view) Author: Niklas Rosenstein (n_rosenstein) * Date: 2018-08-13 19:23
I've just run into this as well -- I thought it was a bug until I found this issue. I also think that this is anything from sane.
msg365468 - (view) Author: Paul Ganssle (p-ganssle) * (Python committer) Date: 2020-04-01 13:58
New changeset 975ac326ffe265e63a103014fd27e9d098fe7548 by Zackery Spytz in branch 'master':
bpo-33262: Deprecate passing None for `s` to shlex.split() (GH-6514)
https://github.com/python/cpython/commit/975ac326ffe265e63a103014fd27e9d098fe7548
msg400555 - (view) Author: Andrei Kulakov (andrei.avk) * (Python triager) Date: 2021-08-29 19:19
Can be closed as fixed (or perhaps renamed and kept open to track eventual raising of error in the future?)
History
Date User Action Args
2022-04-11 14:58:59adminsetgithub: 77443
2021-08-29 19:19:42andrei.avksetnosy: + andrei.avk
messages: + msg400555
2020-04-01 13:58:59p-gansslesetnosy: + p-ganssle
messages: + msg365468
2018-08-13 19:23:19n_rosensteinsetnosy: + n_rosenstein
messages: + msg323489
2018-04-17 19:37:07ZackerySpytzsetnosy: + ZackerySpytz
components: + Library (Lib)
2018-04-17 19:35:17ZackerySpytzsetkeywords: + patch
stage: needs patch -> patch review
pull_requests: + pull_request6207
2018-04-12 00:01:13eric.smithsetnosy: + eric.smith
messages: + msg315209
2018-04-11 10:28:49christian.heimescreate