On Apr 18, 2016 12:36 PM, "Wes Turner" <wes.turner@gmail.com> wrote:

On Apr 18, 2016 12:30 PM, "Wes Turner" <wes.turner@gmail.com> wrote:

...

...

I think the users of oneline.py could be people that now write lots of bash scripts and work on the command line. So whenever someone asks a question somewhere about how to do X on the linux command line, we might have the answer: """

Q: On the linux commandline, how do I get only the filename from a full path that is in $FILEPATH

A: Python has this. You can use the tools in os.path:

Filename: $ oneline.py "os.path.basename('$FILEPATH')"

Path to directory: $ oneline.py "os.path.dirname('$FILEPATH')" """

FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd",

shell=True)'

sys.argv[1] (IFS=' ') stdin (~IFS=$'\n')

...

* https://github.com/westurner/dotfiles/blob/develop/scripts/el

* https://github.com/westurner/pyline/blob/master/pyline/pyline.py

(considering adding an argument (in addition to the existing -m) for importlib.import_module)) another thing worth mentioning is that `ls` prints '?' for certain characters in filenames (e.g. newlines $'\n') so, | pipes with ls and xargs are bad/wrong/unsafe: e.g. $ touch 'file'$'\n''name' $ ls 'file'* | xargs stat #ERR $ find . -maxdepth 1 -name 'file*' | xargs stat #ERRless unsafe (?):

...

[x for x in os.listdir('.') if x.startswith('file')] # ['file\nname']

$ find . -maxdepth 1 -name 'file*' -print0 | xargs -0 stat ... * "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" https://cwe.mitre.org/data/definitions/93.html * CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') https://cwe.mitre.org/data/definitions/78.html

...

...

This might be more appealing than python -c. The whole point is to make Python's power available and visible for a larger audience.

-Koos _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/

On Apr 18, 2016 12:36 PM, "Wes Turner" <wes.turner@gmail.com> wrote:

On Apr 18, 2016 12:30 PM, "Wes Turner" <wes.turner@gmail.com> wrote:

...

...

I think the users of oneline.py could be people that now write lots of bash scripts and work on the command line. So whenever someone asks a question somewhere about how to do X on the linux command line, we might have the answer: """

Q: On the linux commandline, how do I get only the filename from a full path that is in $FILEPATH

A: Python has this. You can use the tools in os.path:

Filename: $ oneline.py "os.path.basename('$FILEPATH')"

Path to directory: $ oneline.py "os.path.dirname('$FILEPATH')" """

FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd",

shell=True)'

sys.argv[1] (IFS=' ') stdin (~IFS=$'\n')

...

* https://github.com/westurner/dotfiles/blob/develop/scripts/el

* https://github.com/westurner/pyline/blob/master/pyline/pyline.py

(considering adding an argument (in addition to the existing -m) for importlib.import_module)) another thing worth mentioning is that `ls` prints '?' for certain characters in filenames (e.g. newlines $'\n') so, | pipes with ls and xargs are bad/wrong/unsafe: e.g. $ touch 'file'$'\n''name' $ ls 'file'* | xargs stat #ERR $ find . -maxdepth 1 -name 'file*' | xargs stat #ERRless unsafe (?):

...

[x for x in os.listdir('.') if x.startswith('file')] # ['file\nname']

$ find . -maxdepth 1 -name 'file*' -print0 | xargs -0 stat ... * "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" https://cwe.mitre.org/data/definitions/93.html * CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') https://cwe.mitre.org/data/definitions/78.html

...

...

This might be more appealing than python -c. The whole point is to make Python's power available and visible for a larger audience.

-Koos _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/