Sept. 5, 2015
2:36 a.m.
Hi Nick, You are giving runcommand(sh(i"cat {filename}")) as an example that avoids injection attacks. While this is true, I think this is still a terrible anti-pattern[1] that should not be entombed in a PEP as a positive example. Could you consider removing it? (It doubly wastes resources by pointlessly calling a shell, and then by parsing & quoting the argument only for the shell to do the same in reverse). Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.«