classification
Title: Deprecate shlex.split(None) to read from stdin.
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: ZackerySpytz, christian.heimes, eric.smith, n_rosenstein
Priority: normal Keywords: patch

Created on 2018-04-11 10:28 by christian.heimes, last changed 2018-08-13 19:23 by n_rosenstein.

Pull Requests
URL Status Linked Edit
PR 6514 open ZackerySpytz, 2018-04-17 19:35
Messages (3)
msg315189 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-04-11 10:28
The shlex module implements simple tokenize for a shell-like mini language. The shlex.split() function splits a string into subcomponents just like a typical Unix shell. However function has a surprising feature. When None is passed into shlex.split().

Note: Since the split() function instantiates a shlex instance, passing None for s will read the string to split from standard input. 

https://docs.python.org/3/library/shlex.html#shlex.split


This is both surprising, unnecessary and potentially dangerous. Reading from sys.stdin is a blocking operation. In case an application doesn't account for None, shlex.split(value) could lead to a blocked server application. I suggest to deprecate and eventually remove this mis-feature.

Credits: David R. MacIver reported the bug on Twitter: https://twitter.com/DRMacIver/status/984001867985367040
msg315209 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2018-04-12 00:01
I agree that it should be deprecated. That's crazy behavior.

I'd also recommend that shlex.shlex with instream=None be deprecated, but maybe that's too radical. It seems way too easy to accidentally pass in None.
msg323489 - (view) Author: Niklas Rosenstein (n_rosenstein) Date: 2018-08-13 19:23
I've just run into this as well -- I thought it was a bug until I found this issue. I also think that this is anything from sane.
History
Date User Action Args
2018-08-13 19:23:19n_rosensteinsetnosy: + n_rosenstein
messages: + msg323489
2018-04-17 19:37:07ZackerySpytzsetnosy: + ZackerySpytz
components: + Library (Lib)
2018-04-17 19:35:17ZackerySpytzsetkeywords: + patch
stage: needs patch -> patch review
pull_requests: + pull_request6207
2018-04-12 00:01:13eric.smithsetnosy: + eric.smith
messages: + msg315209
2018-04-11 10:28:49christian.heimescreate