Message315189
The shlex module implements a simple tokenizer for a shell-like mini language. The shlex.split() function splits a string into subcomponents just like a typical Unix shell. However, the function has a surprising feature when None is passed into shlex.split():
Note: Since the split() function instantiates a shlex instance, passing None for s will read the string to split from standard input.
https://docs.python.org/3/library/shlex.html#shlex.split
This is surprising, unnecessary and potentially dangerous. Reading from sys.stdin is a blocking operation. In case an application doesn't account for None, shlex.split(value) could lead to a blocked server application. I suggest deprecating and eventually removing this misfeature.
Credits: David R. MacIver reported the bug on Twitter: https://twitter.com/DRMacIver/status/984001867985367040
Date | User | Action | Args
2018-04-11 10:28:49 | christian.heimes | set | recipients: + christian.heimes
2018-04-11 10:28:49 | christian.heimes | set | messageid: <1523442529.49.0.682650639539.issue33262@psf.upfronthosting.co.za>
2018-04-11 10:28:49 | christian.heimes | link | issue33262 messages
2018-04-11 10:28:49 | christian.heimes | create |
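The failure mode described in the message above, as an added example that is not part of the original report or of CPython: a guard that rejects non-string input before it reaches shlex.split(), and a probe that shows whether the running interpreter still falls back to stdin. The names safe_split, stdin_fallback_tokens and handle_request, and the sample input, are constructed for illustration.

```python
import io
import shlex
import sys
import warnings


def safe_split(value, posix=True):
    """Split like shlex.split(), but never fall back to reading sys.stdin."""
    if not isinstance(value, str):
        # None (or any non-string) fails fast instead of blocking on stdin.
        raise TypeError(f"expected str, got {type(value).__name__}")
    return shlex.split(value, posix=posix)


def stdin_fallback_tokens(fake_input="constructed stdin tokens\n"):
    """Return the tokens shlex.split(None) pulls from stdin, or None when the
    running interpreter rejects None instead of reading stdin."""
    real_stdin = sys.stdin
    # Constructed input swapped in for stdin, so the probe cannot block.
    sys.stdin = io.StringIO(fake_input)
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")  # hide any deprecation warning
            return shlex.split(None)
    except (TypeError, ValueError):
        return None
    finally:
        sys.stdin = real_stdin


def handle_request(params):
    """Hypothetical server handler: the 'args' field may be absent."""
    return safe_split(params.get("args"))


if __name__ == "__main__":
    print("stdin fallback read:", stdin_fallback_tokens())
    print("normal request:", handle_request({"args": "ls -l 'my file'"}))
    try:
        handle_request({})  # missing field -> None -> rejected, no blocking read
    except TypeError as exc:
        print("rejected:", exc)
```
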