Yet Another Command Line Parser
Andrew Dalke
adalke at mindspring.com
Tue Oct 26 15:33:42 EDT 2004
Manlio Perillo wrote:
> # add spaces to avoids errors like: 1 2, 3 4 -> (12, 34)
> _options = ' '.join(sys.argv[1:])
>
> def call(func):
> """
> Call func, passing to it the arguments from the command line
> """
> exec('func(' + _options + ')')
> The only problem is that error messages are ugly.
And it's a huge security hole. What if I did
script.py "x=6)\
import os
os.system('ls -l')"
Even if not a security hole, it's tricky to handle the
combined shell and Python escaping rules
script.py x="This is a string"
won't work, while
script.py 'x="This is a string"'
should. Embedding ! and \escaped characters should be
even more fun.
Andrew
dalke at dalkescientific.com
More information about the Python-list
mailing list