[Python-ideas] Updated PEP 428 (pathlib)
Antoine Pitrou
solipsis at pitrou.net
Tue Mar 5 10:16:38 CET 2013
Le Sun, 3 Mar 2013 15:12:09 +0100,
Charles-François Natali
<cf.natali at gmail.com> a écrit :
> > Yes. We could call it
> > "root" (http://en.wikipedia.org/wiki/Root_%28linguistics%29) but in
> > this context it would be confusing. Also, it's not exactly the root
> > since as you point there can still be a remaining suffix.
>
> Indeed, "root" would be even more confusing.
>
> > There's "stem", too (http://en.wikipedia.org/wiki/Word_stem). With
> > the same provision about not being the actual stem.
>
> Also, it doesn't sound familiar (at least to me).
>
> How about "rootname", or "stripped_name" (the last one is a little
> too long)?
"rootname" is confusing because of filesystem roots, and the second is
too long (not to mention it's not obvious what has been stripped).
I really prefer "basename" or, if people are hostile, "stem".
> > Yes, I think we could add a `allow_recursive` argument.
> > Is there any other DoS issue?
>
> If by recursive you mean the '**' pattern (cross-directory match),
> then I'm afraid that's not enough.
> For example, a pattern like '*/../*/../*/../*/../*' would have the
> same problem:
Mmmh, I don't know how to guard against that. Perhaps by disallowing
".." in glob patterns? But the problem could still appear with symlinks.
To be honest I don't think allowing untrusted users to specify a glob
pattern is a very good idea. On the other hand, for the common use
cases such as configuration files, the user should be trustable.
Regards
Antoine.
More information about the Python-ideas
mailing list