[Python-Dev] Fuzzing bugs: most bugs are closed (original) (raw)
A.M. Kuchling amk at amk.ca
Mon Jul 21 19:41:41 CEST 2008
- Previous message: [Python-Dev] Fuzzing bugs: most bugs are closed
- Next message: [Python-Dev] Fuzzing bugs: most bugs are closed
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
yOn Mon, Jul 21, 2008 at 03:53:18PM +0000, Antoine Pitrou wrote:
The underscore at the beginning of sre clearly indicates that the module is not recommended for direct consumption, IMO. Even the functions that don't themselves start with an underscore...
Sure, but if someone is trying to break in or DoS your application server, they don't care if the module starts with an underscore or not.
To answer Victor's original question: the parser & compiler that turn a regex into bytecode is written in Python. I can't think of a way to prevent other Python modules from importing _sre or accessing the compile() function; if nothing else, code could always do 'import re ; re.sre_compile._sre.compile(...)'.
--amk
- Previous message: [Python-Dev] Fuzzing bugs: most bugs are closed
- Next message: [Python-Dev] Fuzzing bugs: most bugs are closed
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]