<div dir="ltr"><p dir="ltr"><br>
On Apr 18, 2016 12:36 PM, "Wes Turner" <<a href="mailto:wes.turner@gmail.com" target="_blank">wes.turner@gmail.com</a>> wrote:<br>
><br>
><br>
> On Apr 18, 2016 12:30 PM, "Wes Turner" <<a href="mailto:wes.turner@gmail.com" target="_blank">wes.turner@gmail.com</a>> wrote:<br>
><br>
> > ><br>
> > > I think the users of oneline.py could be people that now write lots of<br>
> > > bash scripts and work on the command line. So whenever someone asks a<br>
> > > question somewhere about how to do X on the linux command line, we<br>
> > > might have the answer: """<br>
> > ><br>
> > > Q: On the linux commandline, how do I get only the filename from a<br>
> > > full path that is in $FILEPATH<br>
> > ><br>
> > > A: Python has this. You can use the tools in os.path:<br>
> > ><br>
> > > Filename:<br>
> > > $ oneline.py "os.path.basename('$FILEPATH')"<br>
> > ><br>
> > > Path to directory:<br>
> > > $ oneline.py "os.path.dirname('$FILEPATH')"<br>
> > > """<br>
> ><br>
> > FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd", shell=True)'<br>
><br>
> sys.argv[1] (IFS=' ')<br>
> stdin (~IFS=$'\n')<br>
><br>
> ...<br>
><br>
> * <a href="https://github.com/westurner/dotfiles/blob/develop/scripts/el" target="_blank">https://github.com/westurner/dotfiles/blob/develop/scripts/el</a><br>
><br>
> * <a href="https://github.com/westurner/pyline/blob/master/pyline/pyline.py" target="_blank">https://github.com/westurner/pyline/blob/master/pyline/pyline.py</a> (considering adding an argument (in addition to the existing -m) for importlib.import_module))</p>
<p dir="ltr">another thing worth mentioning is that<br>
`ls` prints '?' for certain characters in filenames (e.g. newlines $'\n')<br>
so, | pipes with ls and xargs are bad/wrong/unsafe:</p>
<p dir="ltr">e.g.</p>
<p dir="ltr">$ touch 'file'$'\n''name'</p><p>$ ls 'file'* | xargs stat #ERR<br>$ find . -maxdepth 1 -name 'file*' | xargs stat #ERRless unsafe (?):</p><p>>> [x for x in os.listdir('.') if x.startswith('file')] # ['file\nname']</p><p>$ find . -maxdepth 1 -name 'file*' -print0 | xargs -0 stat</p><p>... </p><p>* "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" <a href="https://cwe.mitre.org/data/definitions/93.html">https://cwe.mitre.org/data/definitions/93.html</a></p><p>* CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') <a href="https://cwe.mitre.org/data/definitions/78.html">https://cwe.mitre.org/data/definitions/78.html</a></p><p dir="ltr">
> ><br>
> > ><br>
> > > This might be more appealing than python -c. The whole point is to<br>
> > > make Python's power available and visible for a larger audience.<br>
> > ><br>
> > > -Koos<br>
> > > _______________________________________________<br>
> > > Python-ideas mailing list<br>
> > > <a href="mailto:Python-ideas@python.org" target="_blank">Python-ideas@python.org</a><br>
> > > <a href="https://mail.python.org/mailman/listinfo/python-ideas" target="_blank">https://mail.python.org/mailman/listinfo/python-ideas</a><br>
> > > Code of Conduct: <a href="http://python.org/psf/codeofconduct/" target="_blank">http://python.org/psf/codeofconduct/</a><br>
</p>
</div>