Why exception from os.path.exists()?
Marko Rauhamaa
marko at pacujo.net
Thu Jun 7 05:40:43 EDT 2018
Marko Rauhamaa <marko at pacujo.net>:
> This is a security risk. Here is a brief demonstration. Copy the example
> HTTP server from:
>
> <URL: https://docs.python.org/3/library/http.server.html?highlight=h
> ttp#http.server.SimpleHTTPRequestHandler>
>
> [...]
>
> 3. http://localhost:8000/te%00st.html
>
> => The server crashes with a ValueError and the TCP connection is
> reset
An exercise for the reader: provide a fix for the example server so the
request returns a 404 response just like any other nonexistent resource.
Marko
More information about the Python-list
mailing list