Author vstinner
Recipients ezio.melotti, lemburg, serhiy.storchaka, vstinner
Date 2017-03-10.14:17:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The codecs.StreamReaderWriter() class still has old unfixed issues like the issue #12508 (open since 2011). This issue is even seen as a security vulnerability by the owasp-pysec project:

I propose to modify to reuse the io module: call with newline=''. The io module is now battle-tested and handles well many corner cases of incremental codecs with multibyte encodings.

With this change, cannot be used with non-text encodings... but I'm not sure that this feature ever worked in Python 3:

$ ./python -bb
Python 3.7.0a0
>>> import codecs
>>> f ='test', 'w', encoding='rot13')
>>> f.write('hello')
TypeError: a bytes-like object is required, not 'str'
>>> f.write(b'hello')
TypeError: a bytes-like object is required, not 'dict'

The next step would be to deprecate the codecs.StreamReaderWriter class and the But my latest attempt to deprecate them was the PEP 400 and it wasn't a full success, so I now prefer to move step by step :-)

Attached PR:

* Modify to use
* Remove "; use to handle arbitrary codecs" from and error messages
* Replace with open() at various places
Date User Action Args
2017-03-10 14:17:29vstinnersetrecipients: + vstinner, lemburg, ezio.melotti, serhiy.storchaka
2017-03-10 14:17:29vstinnersetmessageid: <>
2017-03-10 14:17:28vstinnerlinkissue29783 messages
2017-03-10 14:17:28vstinnercreate