Why exception from os.path.exists()?
Marko Rauhamaa
marko at pacujo.net
Thu May 31 09:03:01 EDT 2018
Chris Angelico <rosuav at gmail.com>:
> On Thu, May 31, 2018 at 10:03 PM, Marko Rauhamaa <marko at pacujo.net> wrote:
>>
>> This surprising exception can even be a security issue:
>>
>> >>> os.path.exists("\0")
>> Traceback (most recent call last):
>> File "<stdin>", line 1, in <module>
>> File "/usr/lib64/python3.6/genericpath.py", line 19, in exists
>> os.stat(path)
>> ValueError: embedded null byte
>
> [...]
>
> A Unix path name cannot contain a null byte, so what you have is a
> fundamentally invalid name. ValueError is perfectly acceptable.
At the very least, that should be emphasized in the documentation. The
pathname may come from an external source. It is routine to check for
"/", "." and ".." but most developers (!?) would not think of checking
for "\0". That means few test suites would catch this issue and few
developers would think of catching ValueError here. The end result is
unpredictable.
Marko
More information about the Python-list
mailing list