Re: [Python-ideas] Add __main__ for uuid, random and urandom
On Apr 18, 2016 12:30 PM, "Wes Turner" <wes.turner@gmail.com> wrote:
I think the users of oneline.py could be people that now write lots of bash scripts and work on the command line. So whenever someone asks a question somewhere about how to do X on the linux command line, we might have the answer: """
Q: On the linux commandline, how do I get only the filename from a full path that is in $FILEPATH
A: Python has this. You can use the tools in os.path:
Filename: $ oneline.py "os.path.basename('$FILEPATH')"
Path to directory: $ oneline.py "os.path.dirname('$FILEPATH')" """
FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd", shell=True)'
sys.argv[1] (IFS=' ') stdin (~IFS=$'\n') ... * https://github.com/westurner/dotfiles/blob/develop/scripts/el * https://github.com/westurner/pyline/blob/master/pyline/pyline.py (considering adding an argument (in addition to the existing -m) for importlib.import_module))
This might be more appealing than python -c. The whole point is to make Python's power available and visible for a larger audience.
-Koos _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
On Apr 18, 2016 12:36 PM, "Wes Turner" <wes.turner@gmail.com> wrote:
On Apr 18, 2016 12:30 PM, "Wes Turner" <wes.turner@gmail.com> wrote:
I think the users of oneline.py could be people that now write lots of bash scripts and work on the command line. So whenever someone asks a question somewhere about how to do X on the linux command line, we might have the answer: """
Q: On the linux commandline, how do I get only the filename from a full path that is in $FILEPATH
A: Python has this. You can use the tools in os.path:
Filename: $ oneline.py "os.path.basename('$FILEPATH')"
Path to directory: $ oneline.py "os.path.dirname('$FILEPATH')" """
FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd",
shell=True)'
sys.argv[1] (IFS=' ') stdin (~IFS=$'\n')
...
* https://github.com/westurner/dotfiles/blob/develop/scripts/el
* https://github.com/westurner/pyline/blob/master/pyline/pyline.py
(considering adding an argument (in addition to the existing -m) for importlib.import_module)) another thing worth mentioning is that `ls` prints '?' for certain characters in filenames (e.g. newlines $'\n') so, | pipes with ls and xargs are bad/wrong/unsafe: e.g. $ touch 'file'$'\n''name' $ ls 'file'* | xargs stat #ERR $ find . -maxdepth 1 -name 'file*' | xargs stat #ERRless unsafe (?):
[x for x in os.listdir('.') if x.startswith('file')] # ['file\nname']
$ find . -maxdepth 1 -name 'file*' -print0 | xargs -0 stat ... * "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" https://cwe.mitre.org/data/definitions/93.html * CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') https://cwe.mitre.org/data/definitions/78.html
This might be more appealing than python -c. The whole point is to make Python's power available and visible for a larger audience.
-Koos _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
participants (1)
-
Wes Turner