Re: Yet Another Command Line Parser
From: Manlio Perillo (NOmanlio_perilloSPAM_at_libero.it)
Date: 10/27/04
- Next message: Fred Pacquier: "Re: [warning: 99% OT] does anything like this exist ?..."
- Previous message: Cliff Wells: "Re: Please help - get average"
- In reply to: Andrew Dalke: "Re: Yet Another Command Line Parser"
- Next in thread: Ian Bicking: "Re: Yet Another Command Line Parser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 27 Oct 2004 08:34:16 GMT
On Tue, 26 Oct 2004 19:33:42 GMT, Andrew Dalke <adalke@mindspring.com>
wrote:
>Manlio Perillo wrote:
>> # add spaces to avoids errors like: 1 2, 3 4 -> (12, 34)
>> _options = ' '.join(sys.argv[1:])
>>
>> def call(func):
>> """
>> Call func, passing to it the arguments from the command line
>> """
>> exec('func(' + _options + ')')
>
>> The only problem is that error messages are ugly.
>
>And it's a huge security hole. What if I did
>
>
>script.py "x=6)\
>import os
>os.system('ls -l')"
>
I'm not sure (it does not works on Windows 'shell'), have you run this
code? It does not raises a SyntaxError?
>Even if not a security hole, it's tricky to handle the
>combined shell and Python escaping rules
>
> script.py x="This is a string"
>
>won't work, while
>
> script.py 'x="This is a string"'
>
Actually on Windows the right syntax is
script.py x='"This is a string"'
>should. Embedding ! and \escaped characters should be
>even more fun.
>
Thanks and regards Manlio Perillo
- Next message: Fred Pacquier: "Re: [warning: 99% OT] does anything like this exist ?..."
- Previous message: Cliff Wells: "Re: Please help - get average"
- In reply to: Andrew Dalke: "Re: Yet Another Command Line Parser"
- Next in thread: Ian Bicking: "Re: Yet Another Command Line Parser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
