correct way to catch exception with Python 'with' statement

Steve D'Aprano steve+python at pearwood.info
Wed Nov 30 20:06:04 EST 2016


On Wed, 30 Nov 2016 05:35 pm, DFS wrote:

> On 11/29/2016 10:20 PM, Steven D'Aprano wrote:
>> On Wednesday 30 November 2016 10:59, woooee at gmail.com wrote:
>>
>>> If you want to do something only if the file exists (or does not), use
>>> os.path.isfile(filename)
>>
>> No, don't do that. Just because the file exists, doesn't mean that you
>> have permission to read or write to it.
> 
> You're assuming the OP (woooee) wants to do something with the file - he
> didn't say that.

Woooee isn't the Original Poster. I was replying to woooee, who
suggested "if you want to do something ...".

I suppose that it is conceivable that someone might want to merely check for
the file's existence, but not do any further processing. But that's rather
unusual.

In any case, the OP (Ganesh Pal) explicitly shows code which opens the file.


>> Worse, the code is vulnerable to race conditions. Look at this:
>>
>> if os.path.isfile(filename):
>>     with open(filename) as f:
>>         process(f)
>>
>>
>> Just because the file exists when you test it, doesn't mean it still
>> exists a millisecond later when you go to open the file. On a modern
>> multi-processing system, like Windows, OS X or Linux, a lot can happen in
>> the microseconds between checking for the file's existence and actually
>> accessing the file.
>>
>> This is called a "Time Of Check To Time Of Use" bug, and it can be a
>> security vulnerability.
> 
> 
> Got any not-blatantly-contrived code to simulate that sequence?

It doesn't take much to imagine two separate processes both operating on the
same directory of files. One process deletes or renames a file just before
the other tries to access it. Most sys admins I've spoken to have
experienced a process or script dying because "something must have deleted
a file before it was used", so I'm gobsmacked by your skepticism that this
is a real thing.

How about a real, actual software vulnerability? And not an old one.

http://www.theregister.co.uk/2016/04/22/applocker_bypass/

https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2013/2013-12-04_-_ncc_-_technical_paper_-_bypassing_windows_applocker-2.pdf


More here:

http://cwe.mitre.org/data/definitions/367.html


> Would this take care of race conditions?

Probably not, since locks are generally cooperative. The right way to
recover from an error opening a file (be it permission denied or file not
found or something more exotic) is to wrap the open() in a try...except
block.




-- 
Steve
“Cheer up,” they said, “things could be worse.” So I cheered up, and sure
enough, things got worse.
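
The two patterns discussed in this message, side by side, as an added example that is not part of the original post. The function names and the `window` hook are hypothetical; the hook stands in for a second process deleting the file between the check and the open, so the race is reproduced deterministically on a constructed temporary file.

```python
import errno
import os
import tempfile


def read_checked(path, window=None):
    """Check-then-open pattern quoted in the thread (racy)."""
    if os.path.isfile(path):              # time of check
        if window is not None:
            window()                      # another process runs in this gap
        with open(path) as f:             # time of use
            return f.read()
    return None


def read_guarded(path, window=None):
    """Open directly and handle the failure, as the reply recommends."""
    if window is not None:
        window()
    try:
        with open(path) as f:
            return f.read(), None
    except OSError as exc:                # FileNotFoundError, PermissionError, ...
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "data.txt")  # constructed sample file

        def make():
            with open(path, "w") as f:
                f.write("constructed sample\n")

        make()
        results["checked_no_race"] = read_checked(path)
        try:
            read_checked(path, window=lambda: os.remove(path))
            results["checked_race"] = "no error"
        except FileNotFoundError:
            results["checked_race"] = "unhandled FileNotFoundError"
        make()
        results["guarded_no_race"] = read_guarded(path)
        results["guarded_race"] = read_guarded(path, window=lambda: os.remove(path))
    return results


if __name__ == "__main__":
    print(demo())
```

The existence check passes in both racy runs, yet only the guarded version turns the disappearance into a handled error value instead of an uncaught exception.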



