Home Original page

Message 315189 - Python tracker

Message315189

Author christian.heimes
Recipients christian.heimes
Date 2018-04-11.10:28:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1523442529.49.0.682650639539.issue33262@psf.upfronthosting.co.za>
In-reply-to
Content 
The shlex module implements simple tokenize for a shell-like mini language. The shlex.split() function splits a string into subcomponents just like a typical Unix shell. However function has a surprising feature. When None is passed into shlex.split().

Note: Since the split() function instantiates a shlex instance, passing None for s will read the string to split from standard input. 

https://docs.python.org/3/library/shlex.html#shlex.split


This is both surprising, unnecessary and potentially dangerous. Reading from sys.stdin is a blocking operation. In case an application doesn't account for None, shlex.split(value) could lead to a blocked server application. I suggest to deprecate and eventually remove this mis-feature.

Credits: David R. MacIver reported the bug on Twitter: https://twitter.com/DRMacIver/status/984001867985367040
History
Date User Action Args
2018-04-11 10:28:49christian.heimessetrecipients: + christian.heimes
2018-04-11 10:28:49christian.heimessetmessageid: <1523442529.49.0.682650639539.issue33262@psf.upfronthosting.co.za>
2018-04-11 10:28:49christian.heimeslinkissue33262 messages
2018-04-11 10:28:49christian.heimescreate