[Python-ideas] Draft PEP on string interpolation

Wes Turner wes.turner at gmail.com
Tue Aug 25 00:21:30 CEST 2015


On Mon, Aug 24, 2015 at 5:06 PM, Mike Miller <python-ideas at mgmiller.net>
wrote:

>
> On 08/24/2015 02:54 PM, Paul Moore wrote:
> > Agreed. In a convenience library where it's absolutely clear that a
> > shell is involved (something like sarge or invoke) this is OK, but not
> > in the stdlib as the "official" way to call external programs.
>
> Don't focus on os.system(), it could be any function, and not particularly
> relevant, nor do I recommend this line as the official way.
>
> Remember Nick Coghlan's statement that the "easy way should be the right
> way"?
> That's what this is trying to accomplish.
>
> > - People will fail to understand the difference between e'...' and
> > f'...' and will use the wrong one when using os.system, and things
> > will work correctly but with security vulnerabilities.
>
> I don't recommend e'' and f'', only e'' at this moment.


How would e strings prevent this:

In [1]: import subprocess
In [2]: subprocess.call('echo 1\necho 2', shell=True)
1
2
Out[2]: 0

In [3]: import sarge
In [4]: sarge.run('echo 1\necho 2')
1 echo 2
Out[4]: <sarge.Pipeline at 0x7f3e8185e790>

In [5]: sarge.shell_quote??
Signature: sarge.shell_quote(s)
Source:
def shell_quote(s):
    """
    Quote text so that it is safe for Posix command shells.

    For example, "*.py" would be converted to "'*.py'". If the text is
    considered safe it is returned unquoted.

    :param s: The value to quote
    :type s: str (or unicode on 2.x)
    :return: A safe version of the input, from the point of view of Posix
             command shells
    :rtype: The passed-in type
    """
    assert isinstance(s, string_types)
    if not s:
        result = "''"
    elif not UNSAFE.search(s):
        result = s
    else:
        result = "'%s'" % s.replace("'", r"'\''")
    return result
File:      ~/.local/lib/python2.7/site-packages/sarge/__init__.py
Type:      function


From a code review standpoint,
my eyes are tired
and I'd rather have more than 1 character to mistype
(because of the hamming distance between
really all of the proposed single-letter string prefixes,
and u'' and r'', and e")




>
>
> -Mike
>
>
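
Added example, not part of the original message and not sarge's or the draft PEP's code: it runs the newline case from the session above with the value interpolated as-is, with each interpolated field quoted, and with no shell at all. It assumes Python 3 and a POSIX /bin/sh; ShellFormatter, run_shell, run_argv, compare and UNTRUSTED are hypothetical names, and shlex.quote stands in for sarge.shell_quote.

```python
import shlex
import string
import subprocess

# Constructed sample value with an embedded newline (same shape as the
# 'echo 1\necho 2' string in the session above).
UNTRUSTED = "1\necho 2"


class ShellFormatter(string.Formatter):
    """Hypothetical helper: quote every interpolated field, never the template."""

    def format_field(self, value, format_spec):
        rendered = super().format_field(value, format_spec)
        return shlex.quote(rendered)  # stdlib stand-in for sarge.shell_quote


def run_shell(command_line):
    """Run one string through /bin/sh and return its stdout."""
    return subprocess.check_output(command_line, shell=True, text=True)


def run_argv(argv):
    """Run without a shell: each list element is exactly one argument."""
    return subprocess.check_output(argv, text=True)


def compare(value):
    """Return stdout for the naive, field-quoted, and no-shell forms."""
    naive = "echo {}".format(value)
    quoted = ShellFormatter().format("echo {}", value)
    return {
        "naive": run_shell(naive),      # newline splits into two commands
        "quoted": run_shell(quoted),    # newline stays inside one argument
        "argv": run_argv(["echo", value]),
        # A newline written in the template itself is not a field, so
        # field-level quoting leaves it alone and both commands still run.
        "template": run_shell(ShellFormatter().format("echo 1\necho {}", "2")),
    }


if __name__ == "__main__":
    for name, output in compare(UNTRUSTED).items():
        print(name, repr(output))
```
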