[Python-ideas] Built-in parsing library
Nam Nguyen
bitsink at gmail.com
Mon Apr 1 16:08:02 EDT 2019
Sure! Same examples mentioned in Victor's
https://vstinner.github.io/tag/security.html could have been fixed by
having a more proper parser. This one that I helped author was also a
parsing issue.
https://python-security.readthedocs.io/vuln/bpo-30500_urllib_connects_to_a_wrong_host.html
Thanks for the pointer to pgen2, Guido. I have only quickly skimmed through
it and thought it was really closely tied to the Python language. Maybe I'm
wrong, so I'll need some time to try it out on some of those previous
security fixes.
Cheers,
Nam
On Mon, Apr 1, 2019 at 12:17 PM Nathaniel Smith <njs at pobox.com> wrote:
> On Sun, Mar 31, 2019 at 9:17 PM Nam Nguyen <bitsink at gmail.com> wrote:
> > Installing a package out of stdlib does not solve the problem that
> motivated this thread. The libraries included in the stdlib can't use those
> parsers.
>
> Can you be more specific about exactly which code in the stdlib you
> think should be rewritten to use a parsing library?
>
> -n
>
> --
> Nathaniel J. Smith -- https://vorpus.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20190401/c59f6aff/attachment.html>
More information about the Python-ideas
mailing list