Yet Another Command Line Parser
Manlio Perillo
NOmanlio_perilloSPAM at libero.it
Wed Oct 27 04:34:16 EDT 2004
On Tue, 26 Oct 2004 19:33:42 GMT, Andrew Dalke <adalke at mindspring.com>
wrote:
>Manlio Perillo wrote:
>> # add spaces to avoids errors like: 1 2, 3 4 -> (12, 34)
>> _options = ' '.join(sys.argv[1:])
>>
>> def call(func):
>> """
>> Call func, passing to it the arguments from the command line
>> """
>> exec('func(' + _options + ')')
>
>> The only problem is that error messages are ugly.
>
>And it's a huge security hole. What if I did
>
>
>script.py "x=6)\
>import os
>os.system('ls -l')"
>
I'm not sure (it does not works on Windows 'shell'), have you run this
code? It does not raises a SyntaxError?
>Even if not a security hole, it's tricky to handle the
>combined shell and Python escaping rules
>
> script.py x="This is a string"
>
>won't work, while
>
> script.py 'x="This is a string"'
>
Actually on Windows the right syntax is
script.py x='"This is a string"'
>should. Embedding ! and \escaped characters should be
>even more fun.
>
Thanks and regards Manlio Perillo
More information about the Python-list
mailing list