Author David.Benjamin
Recipients David.Benjamin
Date 2012-10-02.19:15:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1349205316.95.0.274773533894.issue16112@psf.upfronthosting.co.za>
In-reply-to
Content
The implementation of platform.architecture shells out to the file command. It tries to escape quotes by replacing " with \", but that's not sufficient.

$ python3.2 -c 'import platform; platform.architecture("foo\\\"; echo Hi there > /tmp/Z; echo \\\"")' && cat /tmp/Z
Hi there

Here's a patch to make it use subprocess instead. I haven't tested it thoroughly building everything from trunk and running tests, but I verified it works by replacing the platform.py in my system Python install.
History
Date User Action Args
2012-10-02 19:15:17David.Benjaminsetrecipients: + David.Benjamin
2012-10-02 19:15:16David.Benjaminsetmessageid: <1349205316.95.0.274773533894.issue16112@psf.upfronthosting.co.za>
2012-10-02 19:15:16David.Benjaminlinkissue16112 messages
2012-10-02 19:15:16David.Benjamincreate