os.popen & os.system lack shell-related security warnings (issue 21557)
1 Dec
2014
1 Dec
'14
2:46 p.m.
http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst File Doc/library/os.rst (right): http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst#newcode290... Doc/library/os.rst:2905: .. warning:: This warning is a little confusing to me. If input sanitization is the issue (which is a perfectly valid concern), why not explain the issue and how to plug the hole rather than discouraging its use altogether? As is, this reads a little strange to me given you're discouraging the use due to a specific case and then in the next paragraph explaining how to fix it. I'd rather just see an explanation of the possible security hole and how to account for it to make the usage here safe. http://bugs.python.org/review/21557/
3431
Age (days ago)
3431
Last active (days ago)
0 comments
1 participants
participants (1)
-
demianbrecht@gmail.com