Author vstinner
Recipients Michael.Felt, jkloth, vstinner
Date 2018-10-02.08:36:01
Jeremy Kloth: "This is also an issue on Windows when the target path resides within a junction, paths outside of a junction respond (err, fail) as expected."

I don't know the behavior on Windows. I tried to create a file named "a\" (U+0061, U+005C): I get an OSError "invalid argument" (error 22).

I confirm that in a junction point, I am able to:

* open an existing file with an additional trailing backslash (U+005C): the extra character is simply ignored and I am able to open the file

* create a new file with an additional trailing backslash (U+005C): the filename is created without the trailing backslash

On the PR, I wrote:

> There are many more functions which "open a file". Open Python/fileutils.c for a few more. What about all other functions which accept a filename and then call a third party library which calls open() directly?

Ok, let me give some examples of functions which directly open a file:

* fileutils.c: _Py_open(), _Py_open_noraise(), _Py_wfopen(), _Py_fopen(), _Py_fopen_obj()
* _io.FileIO, _pyio.FileIO (use

Ok... But there are other functions to access files... stat()/fstat() functions:

* fileutils.c: _Py_fstat_noraise(), _Py_fstat(), _Py_stat()
* Modules/getpath.c: _Py_wstat()
* os.stat(), os.lstat(), os.fstat()

To start to have a better idea of how many functions accept filenames, open also Lib/ shutil.copyfile() uses os.stat(), but then it uses os.symlink() and open()... So what about os.symlink()?

Ok, here I only listed a *few* examples of functions which are "controlled" by Python. But there are *many* wrappers to 3rd party libraries which accept a filename. Examples:

* _ssl.SSLContext.load_cert_chain()
* sqlite3.connect()
* etc.

Where is the limit? How many functions must be patched in Python? How do we patch OpenSSL and SQLite libraries?

Python is designed as a thin wrapper to the operating system. IMHO Python must not validate the filename itself.


> Going back to issue17234 - there has been a test to check that a URL with a trailing slash reports 404 status.

IMHO you must fix a single place: the SimpleHTTPServer, not all code handling the filesystem.

Same remark for AIX and Windows junctions.

I suggest rejecting this issue.
Date                 User      Action  Args
2018-10-02 08:36:02  vstinner  set     recipients: + vstinner, jkloth, Michael.Felt
2018-10-02 08:36:01  vstinner  set     messageid: <>
2018-10-02 08:36:01  vstinner  link    issue34711 messages
2018-10-02 08:36:01  vstinner  create
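
An added example, not part of the message above and not CPython's code: a sketch of the "single place" approach, where the HTTP layer decides on the URL that a trailing slash means "directory" and answers 404 for anything else before open() is called. The names `resolve_request` and `demo`, and the choice to reject components containing a local path separator, are assumptions made for illustration.

```python
import os
import posixpath
import tempfile
import urllib.parse


def resolve_request(root, url_path):
    """Map a request path to (status, filesystem path) under root.

    The trailing-slash decision is taken here, on the URL, so it does not
    depend on whether the platform's open() accepts "file/" or "file\\".
    """
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    path = urllib.parse.unquote(path)
    wants_directory = path.endswith("/")
    parts = []
    for word in posixpath.normpath(path).split("/"):
        if not word or word in (os.curdir, os.pardir):
            continue  # never step outside root
        if os.path.dirname(word):
            # Component hides a local separator (e.g. "a\\" on Windows).
            return 404, None
        parts.append(word)
    fs_path = os.path.join(root, *parts)
    if os.path.isdir(fs_path):
        return 200, fs_path
    if wants_directory:
        # A regular file (or nothing) requested with a trailing slash:
        # refuse before any open() call, whatever the OS would have done.
        return 404, None
    if os.path.isfile(fs_path):
        return 200, fs_path
    return 404, None


def demo():
    """Build a constructed tree and return the status for sample URLs."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("hello")
        urls = ["/index.html", "/index.html/", "/docs/",
                "/missing", "/index.html/?x=1"]
        return {u: resolve_request(root, u)[0] for u in urls}


if __name__ == "__main__":
    for url, status in demo().items():
        print(status, url)
```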