[Python-ideas] Draft PEP on string interpolation
Wes Turner
wes.turner at gmail.com
Tue Aug 25 00:21:30 CEST 2015
On Mon, Aug 24, 2015 at 5:06 PM, Mike Miller <python-ideas at mgmiller.net>
wrote:
>
> On 08/24/2015 02:54 PM, Paul Moore wrote:
> > Agreed. In a convenience library where it's absolutely clear that a
> > shell is involved (something like sarge or invoke) this is OK, but not
> > in the stdlib as the "official" way to call external programs.
>
> Don't focus on os.system(), it could be any function, and not particularly
> relevant, nor do I recommend this line as the official way.
>
> Remember Nick Coghlan's statement that the "easy way should be the right
> way"?
> That's what this is trying to accomplish.
>
> > - People will fail to understand the difference between e'...' and
> > f'...' and will use the wrong one when using os.system, and things
> > will work correctly but with security vulnerabilities.
>
> I don't recommend e'' and f'', only e'' at this moment.
How would e strings prevent this:
In [1]: import subprocess
In [2]: subprocess.call('echo 1\necho 2', shell=True)
1
2
Out[2]: 0
In [3]: import sarge
In [4]: sarge.run('echo 1\necho 2')
1 echo 2
Out[4]: <sarge.Pipeline at 0x7f3e8185e790>
In [5]: sarge.shell_quote??
Signature: sarge.shell_quote(s)
Source:
def shell_quote(s):
"""
Quote text so that it is safe for Posix command shells.
For example, "*.py" would be converted to "'*.py'". If the text is
considered safe it is returned unquoted.
:param s: The value to quote
:type s: str (or unicode on 2.x)
:return: A safe version of the input, from the point of view of Posix
command shells
:rtype: The passed-in type
"""
assert isinstance(s, string_types)
if not s:
result = "''"
elif not UNSAFE.search(s):
result = s
else:
result = "'%s'" % s.replace("'", r"'\''")
return result
File: ~/.local/lib/python2.7/site-packages/sarge/__init__.py
Type: function
>From a code review standpoint,
my eyes are tired
and I'd rather have more than 1 character to mistype
(because of the hamming distance between
really all of the proposed single-letter string prefixes,
and u'' and r'', and e")
>
>
> -Mike
>
> _______________________________________________
> Python-ideas mailing list
> Python-ideas at python.org
> https://mail.python.org/mailman/listinfo/python-ideas
> Code of Conduct: http://python.org/psf/codeofconduct/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150824/261d745d/attachment-0001.html>
More information about the Python-ideas
mailing list