Message390353
> In this case, having it off by default goes further to prevent breakage
PyYAML was unsafe by default: it allowed to execute arbitary Python code by default. It took years to change the default to "safe". I don't think that adding a parameter for opt-in for security is a good approach. An application can use ipaddress internally without being aware of using it, if it's done by a third party module. It's hard to prevent security vulnerabilities if people have to "opt-in" for security.
I prefer to break code and force people to manually get back the old behavior. It's better to make 90% safe by default but make 10% of people unhappy.
It's uncommon to pass IPv4 addresses with leading zeros.
If you want to tolerate leading zeros, you don't have to modify the ipaddress for that, you can pre-process your inputs: it works on any Python version with or without the fix.
>>> def reformat_ip(address): return '.'.join(part.lstrip('0') if part != '0' else part for part in address.split('.'))
...
>>> reformat_ip('0127.0.0.1')
'127.0.0.1'
Or with an explicit loop for readability:
def reformat_ip(address):
parts = []
for part in address.split('.'):
if part != "0":
part = part.lstrip('0')
parts.append(part)
return '.'.join(parts) |
|
Date |
User |
Action |
Args |
2021-04-06 17:19:01 | vstinner | set | recipients:
+ vstinner, ncoghlan, eric.smith, christian.heimes, ned.deily, pmoody, docs@python, lukasz.langa, serhiy.storchaka, steve.dower, Joel Croteau, gc2 |
2021-04-06 17:19:01 | vstinner | set | messageid: <1617729541.65.0.12208326274.issue36384@roundup.psfhosted.org> |
2021-04-06 17:19:01 | vstinner | link | issue36384 messages |
2021-04-06 17:19:01 | vstinner | create | |
|