Yet Another Command Line Parser

Manlio Perillo NOmanlio_perilloSPAM at libero.it
Wed Oct 27 10:34:16 CEST 2004


On Tue, 26 Oct 2004 19:33:42 GMT, Andrew Dalke <adalke at mindspring.com>
wrote:

>Manlio Perillo wrote:
>> # add spaces to avoids errors like: 1 2, 3 4 -> (12, 34)
>> _options = ' '.join(sys.argv[1:])
>> 
>> def call(func):
>>     """
>>     Call func, passing to it the arguments from the command line
>>     """
>>     exec('func(' + _options + ')')
>
>> The only problem is that error messages are ugly.
>
>And it's a huge security hole.  What if I did
>
>
>script.py "x=6)\
>import os
>os.system('ls -l')"
>

I'm not sure (it does not works on Windows 'shell'), have you run this
code? It does not raises a SyntaxError?

>Even if not a security hole, it's tricky to handle the
>combined shell and Python escaping rules
>
>   script.py  x="This is a string"
>
>won't work, while
>
>   script.py  'x="This is a string"'
>

Actually on Windows the right syntax is 
script.py x='"This is a string"'

>should. Embedding ! and \escaped characters should be
>even more fun.
>


Thanks and regards   Manlio Perillo




More information about the Python-list mailing list