Author serhiy.storchaka
Recipients eric.smith, eryksun, mrabarnett, pacujo, r.david.murray, serhiy.storchaka
Date 2018-06-02.04:17:58
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1527913079.58.0.81473610881.issue33721@psf.upfronthosting.co.za>
In-reply-to
Content
In earlier versions NULs in paths caused silent truncating the path, and this is considered a vulnerability.

In 2.7 and earlier versions of 3.x a TypeError was raised in os.path.exists(). ValueError in this function (and many others) is raised since 3.5, because it looks more appropriate.

Similar exceptions are raised perhaps in hundreds functions. It is impossible to document them all, and os.path.exists() doesn't look special enough for documenting this only for it.

However os.path.exists() is special in the sense that this exception can be interpreted as a false value. Since os.path.exists() already catches OSError and interprets it as a false result, it is easier to add a ValueError here. I don't think this will break much code if add it only in 3.8. This will cover also the case of unencodable/undecodable paths ('\udfff', b'\x98').
History
Date User Action Args
2018-06-02 04:17:59serhiy.storchakasetrecipients: + serhiy.storchaka, eric.smith, mrabarnett, r.david.murray, eryksun, pacujo
2018-06-02 04:17:59serhiy.storchakasetmessageid: <1527913079.58.0.81473610881.issue33721@psf.upfronthosting.co.za>
2018-06-02 04:17:59serhiy.storchakalinkissue33721 messages
2018-06-02 04:17:58serhiy.storchakacreate