Sure! Same examples mentioned in Victor's https://vstinner.github.io/tag/security.html could have been fixed by having a more proper parser. This one that I helped author was also a parsing issue.

https://python-security.readthedocs.io/vuln/bpo-30500_urllib_connects_to_a_wrong_host.html

Thanks for the pointer to pgen2, Guido. I have only quickly skimmed through it and thought it was really closely tied to the Python language. Maybe I'm wrong, so I'll need some time to try it out on some of those previous security fixes.

Cheers,

Nam

On Mon, Apr 1, 2019 at 12:17 PM Nathaniel Smith <njs@pobox.com> wrote:

On Sun, Mar 31, 2019 at 9:17 PM Nam Nguyen <bitsink@gmail.com> wrote:
> Installing a package out of stdlib does not solve the problem that motivated this thread. The libraries included in the stdlib can't use those parsers.

Can you be more specific about exactly which code in the stdlib you
think should be rewritten to use a parsing library?

-n

--
Nathaniel J. Smith -- https://vorpus.org