[Python-ideas] Add __main__ for uuid, random and urandom

Wes Turner wes.turner at gmail.com
Mon Apr 18 15:20:47 EDT 2016 

On Apr 18, 2016 12:36 PM, "Wes Turner" <wes.turner at gmail.com> wrote:
>
>
> On Apr 18, 2016 12:30 PM, "Wes Turner" <wes.turner at gmail.com> wrote:
>
> > >
> > > I think the users of oneline.py could be people that now write lots of
> > > bash scripts and work on the command line. So whenever someone asks a
> > > question somewhere about how to do X on the linux command line, we
> > > might have the answer: """
> > >
> > > Q: On the linux commandline, how do I get only the filename from a
> > > full path that is in $FILEPATH
> > >
> > > A: Python has this. You can use the tools in os.path:
> > >
> > > Filename:
> > > $ oneline.py "os.path.basename('$FILEPATH')"
> > >
> > > Path to directory:
> > > $ oneline.py "os.path.dirname('$FILEPATH')"
> > > """
> >
> > FILEPATH='for'"example');"'subprocess.call("cat /etc/passwd",
shell=True)'
>
> sys.argv[1]  (IFS=' ')
> stdin (~IFS=$'\n')
>
> ...
>
> * https://github.com/westurner/dotfiles/blob/develop/scripts/el
>
> * https://github.com/westurner/pyline/blob/master/pyline/pyline.py
(considering adding an argument (in addition to the existing -m) for
importlib.import_module))

another thing worth mentioning is that
`ls` prints '?' for certain characters in filenames (e.g. newlines $'\n')
so, | pipes  with ls and xargs are bad/wrong/unsafe:

e.g.

$ touch 'file'$'\n''name'

$ ls 'file'* | xargs stat  #ERR
$ find . -maxdepth 1 -name 'file*' | xargs stat  #ERRless unsafe (?):

>> [x for x in os.listdir('.') if x.startswith('file')]  # ['file\nname']

$ find . -maxdepth 1 -name 'file*' -print0 | xargs -0 stat

...

* "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
https://cwe.mitre.org/data/definitions/93.html

* CWE-78: Improper Neutralization of Special Elements used in an OS Command
('OS Command Injection') https://cwe.mitre.org/data/definitions/78.html

> >
> > >
> > > This might be more appealing than python -c. The whole point is to
> > > make Python's power available and visible for a larger audience.
> > >
> > > -Koos
> > > _______________________________________________
> > > Python-ideas mailing list
> > > Python-ideas at python.org
> > > https://mail.python.org/mailman/listinfo/python-ideas
> > > Code of Conduct: http://python.org/psf/codeofconduct/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20160418/a9bd4eae/attachment.html>

More information about the Python-ideas mailing list