
On Sep 05 2015, Nick Coghlan <ncoghlan@gmail.com> wrote:
> On 5 September 2015 at 12:36, Nikolaus Rath <Nikolaus@rath.org> wrote:
>> Hi Nick,
>>
>> You are giving
>>
>>     runcommand(sh(i"cat (unknown)"))
>>
>> as an example that avoids injection attacks. While this is true, I think this is still a terrible anti-pattern[1] that should not be entombed in a PEP as a positive example.
>>
>> Could you consider removing it?
>>
>> (It doubly wastes resources by pointlessly calling a shell, and then by parsing & quoting the argument only for the shell to do the same in reverse).
>
> Any reasonable implementation of that pattern wouldn't actually call a system shell, it would invoke something like Julia's command system.

That's obvious to someone like you who thinks about this in terms of the best implementation. To someone less experienced, or just coming at it from a different angle, this example just says "writing a shell command is a good way to start an external program, as long as I take care of quoting".

Best,
-Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«
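As an added example that is not part of this thread or of the PEP, the Python below contrasts the two ways of starting an external program that the exchange is about: rendering a quoted shell command line and spawning `/bin/sh` to parse it, versus handing the argument vector to the process directly. `sh()` is a stand-in built on `shlex.quote` (the PEP's real renderer is not shown here), and the code assumes a POSIX system with `/bin/sh` and `cat` available.

```python
import os
import shlex
import subprocess
import tempfile

def sh(template: str, **fields: str) -> str:
    """Stand-in for the PEP's sh() renderer (assumption, not the real one):
    quote every interpolated field so the shell treats it as one literal word."""
    return template.format(**{k: shlex.quote(v) for k, v in fields.items()})

def run_via_shell(filename: str) -> str:
    """The pattern criticised in the thread: render a command line, then spawn
    /bin/sh to parse it. Injection is avoided only because sh() quoted the
    field, and the shell immediately undoes that quoting again."""
    cmd = sh("cat {filename}", filename=filename)
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout

def run_direct(filename: str) -> str:
    """The form the thread prefers: pass the argument vector straight to the
    child process. No shell is involved, so there is nothing to quote or parse."""
    return subprocess.run(["cat", filename], capture_output=True,
                          text=True, check=True).stdout

def demo() -> dict:
    """Create a file whose name contains shell metacharacters (constructed
    sample), read it back both ways, and show that the quote/parse round trip
    merely reconstructs the argv list that run_direct() started from."""
    with tempfile.TemporaryDirectory() as tmp:
        name = os.path.join(tmp, "notes; echo $HOME")
        with open(name, "w") as f:
            f.write("payload data\n")
        return {
            "name": name,
            "shell": run_via_shell(name),
            "direct": run_direct(name),
            # What /bin/sh recovers after parsing the quoted command line.
            "roundtrip": shlex.split(sh("cat {filename}", filename=name)),
        }

if __name__ == "__main__":
    result = demo()
    # Both reads return the file content; roundtrip is ['cat', <the path>].
    print(result["shell"] == result["direct"], result["roundtrip"])
```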