[Python-Dev] PEP 501 Shell Command Examples

Nick Coghlan ncoghlan at gmail.com
Sat Sep 5 13:59:48 CEST 2015


On 5 September 2015 at 12:36, Nikolaus Rath <Nikolaus at rath.org> wrote:

> Hi Nick,
>
> You are giving runcommand(sh(i"cat (unknown)")) as an example that avoids injection attacks. While this is true, I think this is still a terrible anti-pattern[1] that should not be entombed in a PEP as a positive example. Could you consider removing it? (It doubly wastes resources by pointlessly calling a shell, and then by parsing & quoting the argument only for the shell to do the same in reverse.)

Any reasonable implementation of that pattern wouldn't actually call a system shell; it would invoke something like Julia's command system.

Cheers, Nick.

-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
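The two approaches discussed in this thread side by side, as an added example that is neither PEP 501's nor either poster's code: `sh_string` is the shell-quoting variant Nikolaus objects to, and `sh_argv` is the Julia-style variant Nick describes, which builds an argument vector directly and never hands the command to a shell. The template object is approximated as a list of literal strings interleaved with `Interp` fields (both `Interp` and the list representation are assumptions, since PEP 501's template type is not shown on the page).

```python
"""Shell-quoted string vs. direct argv from an interpolation template (added example)."""
from __future__ import annotations

import shlex
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Interp:
    """One interpolated value; stands in for a PEP 501 template field (assumption)."""
    value: object


# A template is modelled as literal text interleaved with Interp fields, so the
# thread's  sh(i"cat $filename")  becomes  ["cat ", Interp(filename)].
Template = list


def sh_string(template: Template) -> str:
    """Shell-quoting approach: each value is wrapped with shlex.quote so that a
    shell parsing the resulting string sees it as exactly one word."""
    return "".join(
        shlex.quote(str(p.value)) if isinstance(p, Interp) else p for p in template
    )


def sh_argv(template: Template) -> list[str]:
    """No-shell approach: literal text is split on whitespace, an interpolated
    value is appended to the word it touches (or becomes its own word), and the
    result is an argv list suitable for subprocess without any shell.
    Quoting inside literal text is deliberately not interpreted here."""
    argv: list[str] = []
    word: str | None = None        # word under construction, None at a boundary
    for part in template:
        if isinstance(part, Interp):
            word = (word or "") + str(part.value)   # value never gets re-split
            continue
        for ch in part:
            if ch.isspace():
                if word is not None:
                    argv.append(word)
                    word = None
            else:
                word = (word or "") + ch
    if word is not None:
        argv.append(word)
    return argv


def runcommand(template: Template) -> str:
    """Run the template's command with argv semantics (shell=False) and return stdout."""
    return subprocess.run(sh_argv(template), capture_output=True, text=True, check=True).stdout
```

A filename containing a space or a semicolon therefore reaches the program as a single argument under `sh_argv`, with no quoting step to get wrong, whereas `sh_string` has to quote it and then rely on the shell to undo that quoting.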



More information about the Python-Dev mailing list