Created on 2018-04-11 10:28 by christian.heimes, last changed 2018-04-17 19:37 by ZackerySpytz.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 6514 | open | ZackerySpytz, 2018-04-17 19:35 | |
| Messages (2) | |||
|---|---|---|---|
| msg315189 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2018-04-11 10:28 | |
The shlex module implements simple tokenize for a shell-like mini language. The shlex.split() function splits a string into subcomponents just like a typical Unix shell. However function has a surprising feature. When None is passed into shlex.split(). Note: Since the split() function instantiates a shlex instance, passing None for s will read the string to split from standard input. https://docs.python.org/3/library/shlex.html#shlex.split This is both surprising, unnecessary and potentially dangerous. Reading from sys.stdin is a blocking operation. In case an application doesn't account for None, shlex.split(value) could lead to a blocked server application. I suggest to deprecate and eventually remove this mis-feature. Credits: David R. MacIver reported the bug on Twitter: https://twitter.com/DRMacIver/status/984001867985367040 |
|||
| msg315209 - (view) | Author: Eric V. Smith (eric.smith) * |
Date: 2018-04-12 00:01 | |
I agree that it should be deprecated. That's crazy behavior. I'd also recommend that shlex.shlex with instream=None be deprecated, but maybe that's too radical. It seems way too easy to accidentally pass in None. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2018-04-17 19:37:07 | ZackerySpytz | set | nosy:
+ ZackerySpytz components: + Library (Lib) |
| 2018-04-17 19:35:17 | ZackerySpytz | set | keywords:
+ patch stage: needs patch -> patch review pull_requests: + pull_request6207 |
| 2018-04-12 00:01:13 | eric.smith | set | nosy:
+ eric.smith messages: + msg315209 |
| 2018-04-11 10:28:49 | christian.heimes | create | |