Author vstinner
Recipients Michael.Felt, jkloth, vstinner
Date 2018-10-02.08:36:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1538469361.99.0.545547206417.issue34711@psf.upfronthosting.co.za>
In-reply-to
Content
Jeremy Kloth: "This is also an issue on Windows when the target path resides within a junction, paths outside of a junction respond (err, fail) as expected."
https://developercommunity.visualstudio.com/content/problem/272379/createfile-non-error-on-filename-with-trailing-bac.html

I don't know the behavior on Windows. I tried to create a file name "a\" (U+0061, U+005C): I get an OSError "invalid argument" (error 22).

I confirm that in a junction point, I am able to:

* open an existing file with an additional trailing antislash (U+005C): the extra character is simply ignored and I am able to open the file

* create a new file with an additional trailing antislash (U+005C): the filename is created without the trailing antislash

On the PR, I wrote:


> There are much more functions which "open a file". Open Python/fileutils.c for a few mores. What about os.open()? What about all other functions which accept a filename and then call a third party library which calls open() directly?

Ok, let me give some examples of function which directly open a file:

* fileutils.c: _Py_open(), _Py_open_noraise(), _Py_wfopen(), _Py_fopen(), _Py_fopen_obj()
* os.open()
* _io.FileIO, _pyio.FileIO (use os.open())

Ok... But there are other functions to access files... stat()/fstat() functions:

* fileutils.c: _Py_fstat_noraise(), _Py_fstat(), _Py_stat()
* Modules/getpath.c: _Py_wstat()
* os.stat(), os.lstat(), os.fstat()

To start to have a better ideas of how many functions accept filenames, open also Lib/shutil.py. shutil.copyfile() uses os.stat(), but then it uses os.symlink() and open()... So what about os.symlink()?

Ok, here I only listen a *few* examples of functions which are "controlled" by Python. But there are *many* wrappers to 3rd party libraries which accept a filename. Examples:

* _ssl.SSLContext.load_cert_chain()
* sqlite3.connect()
* etc.

Where is the limit? How many functions must be patched in Python? How do we patch OpenSSL and SQLite libraries?

Python is designed as a thin wrapper to the operating system. IMHO Python must not validate the filename itself.

--

> Going back to issue17234 - there has been a test to check that a URL with a trailing slash reports 404 status.

IMHO you must fix a single place: the SimpleHTTPServer, not all code handling the filesytem.

Same remark for AIX and Windows junctions.

I suggest to reject this issue.
History
Date User Action Args
2018-10-02 08:36:02vstinnersetrecipients: + vstinner, jkloth, Michael.Felt
2018-10-02 08:36:01vstinnersetmessageid: <1538469361.99.0.545547206417.issue34711@psf.upfronthosting.co.za>
2018-10-02 08:36:01vstinnerlinkissue34711 messages
2018-10-02 08:36:01vstinnercreate