[New-bugs-announce] [issue13685] argparse does not sanitize help strings for % signs

Jeff Yurkiw report at bugs.python.org
Fri Dec 30 23:29:27 CET 2011

New submission from Jeff Yurkiw <jeff at cyan.com>:

I discovered this while programming the command line interface for a python program that can take a passed argument and throw it into the 'where like' clause of a SQL expression (intended for a postgresql database).

The wildcard character for where-like statements is generally the percent sign, which is how I found this ("WHERE %s LIKE '%--value%')".

If you use any single '%' signs in an ArgumentParser.new_argument(help=)'s help description Python 3.2 will throw an error.

Workaround: You can avoid this issue by doubling up on all % signs that you want to display in your help text.

parser.add_argument(('--foo', action='store',help='%bar') throws an error.
parser.add_argument(('--foo', action='store',help='%%bar') displays '--foo FOO   %bar'.

Suggested fix:
When assigning help strings from add_argument(), throw them through a sanitizer and replace all occurrences of '%' with '%%' behind the scenes.

Example code (argparseBug.py):

from argparse import ArgumentParser

parser = ArgumentParser()
parser.add_argument('--foo', action='store', help='%bar')

args = parser.parse_args('-h'.split())

You get the following stacktrace:
Traceback (most recent call last):
  File "/path/to/script/argparseBug.py", line 6, in <module>
    args = parser.parse_args('-h'.split())
  File "/usr/lib/python3.2/argparse.py", line 1701, in parse_args
    args, argv = self.parse_known_args(args, namespace)
  File "/usr/lib/python3.2/argparse.py", line 1733, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python3.2/argparse.py", line 1939, in _parse_known_args
    start_index = consume_optional(start_index)
  File "/usr/lib/python3.2/argparse.py", line 1879, in consume_optional
    take_action(action, args, option_string)
  File "/usr/lib/python3.2/argparse.py", line 1807, in take_action
    action(self, namespace, argument_values, option_string)
  File "/usr/lib/python3.2/argparse.py", line 994, in __call__
  File "/usr/lib/python3.2/argparse.py", line 2331, in print_help
    self._print_message(self.format_help(), file)
  File "/usr/lib/python3.2/argparse.py", line 2305, in format_help
    return formatter.format_help()
  File "/usr/lib/python3.2/argparse.py", line 279, in format_help
    help = self._root_section.format_help()
  File "/usr/lib/python3.2/argparse.py", line 209, in format_help
  File "/usr/lib/python3.2/argparse.py", line 209, in format_help
  File "/usr/lib/python3.2/argparse.py", line 515, in _format_action
    help_text = self._expand_help(action)
  File "/usr/lib/python3.2/argparse.py", line 601, in _expand_help
    return self._get_help_string(action) % params
ValueError: unsupported format character 'b' (0x62) at index 1

components: None
files: argparseBug.py
messages: 150404
nosy: Jeff.Yurkiw
priority: normal
severity: normal
status: open
title: argparse does not sanitize help strings for % signs
type: behavior
versions: Python 3.2
Added file: http://bugs.python.org/file24115/argparseBug.py

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list