[Python-Dev] Fuzzing bugs: most bugs are closed
Guido van Rossum guido at python.org
Wed Jul 30 20:17:51 CEST 2008
- Previous message: [Python-Dev] Fuzzing bugs: most bugs are closed
- Next message: [Python-Dev] Subversion 1.5 and better merge support
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jul 21, 2008 at 10:41 AM, A.M. Kuchling <amk at amk.ca> wrote:
> On Mon, Jul 21, 2008 at 03:53:18PM +0000, Antoine Pitrou wrote:
>> The underscore at the beginning of _sre clearly indicates that the module is not
>> recommended for direct consumption, IMO. Even the functions that don't
>> themselves start with an underscore...
>
> Sure, but if someone is trying to break in or DoS your application
> server, they don't care if the module starts with an underscore or
> not.
>
> To answer Victor's original question: the parser & compiler that turn
> a regex into bytecode are written in Python. I can't think of a way to
> prevent other Python modules from importing _sre or accessing the
> compile() function; if nothing else, code could always do 'import re ;
> re.sre_compile._sre.compile(...)'.

I've written a re-code verifier for the Google App Engine. I have permission to open source this; hopefully I will get to this before 2.6 beta 3.

--
--Guido van Rossum (home page: http://www.python.org/~guido/)
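
Added example (not part of the original message, and not CPython's or App Engine's code): a small Python audit that searches the module-valued attributes of `re` for a route to the `_sre` extension module, which shows why a leading underscore is a naming convention and not an access control. The helper names `find_module_path` and `resolve` are hypothetical, and the path found depends on the Python version.

```python
import re
import types
from collections import deque


def find_module_path(root, target_name, max_depth=4):
    """Breadth-first search over the module-valued attributes of `root`.

    Returns the shortest attribute path (a list of names) from `root` to a
    module whose __name__ equals `target_name`, or None if none is found
    within `max_depth` attribute hops.
    """
    queue = deque([(root, [])])
    seen = {id(root)}
    while queue:
        module, path = queue.popleft()
        if len(path) >= max_depth:
            continue
        for attr, value in list(vars(module).items()):
            if not isinstance(value, types.ModuleType) or id(value) in seen:
                continue
            seen.add(id(value))
            if getattr(value, "__name__", None) == target_name:
                return path + [attr]
            queue.append((value, path + [attr]))
    return None


def resolve(root, path):
    """Follow an attribute path returned by find_module_path()."""
    obj = root
    for attr in path:
        obj = getattr(obj, attr)
    return obj


if __name__ == "__main__":
    path = find_module_path(re, "_sre")
    # Underscore-prefixed names are reached by plain attribute access.
    print("reachable as: re." + ".".join(path))
    print("compile() callable:", callable(resolve(re, path).compile))
```

Running the same search from whatever modules a sandbox hands to untrusted code gives a quick inventory of what that code can actually reach, regardless of naming.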