New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PosixPath() constructor should not accept strings with embedded NUL bytes #66345
Comments
This is listed as a python3.4 issue even though I only tried this on the python2.7 backport because I don't have a python3 handy, but I was not able to find an indication, either here or elsewhere, that this had been addressed. Please forgive me if it has. The It appears that
Observed behavior: >>> from pathlib import Path
>>> Path("\0I'm not malicious, I'm mischievous!")
PosixPath("\x00I'm not malicious, I'm mischievous!")
>>> _.open()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File ".../site-packages/pathlib.py", line 1077, in open
return io.open(str(self), mode, buffering, encoding, errors, newline)
IOError: [Errno 2] No such file or directory: ''
>>> Path('/') / _
PosixPath("/\x00I'm not malicious, I'm mischievous!")
>>> _.open()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File ".../site-packages/pathlib.py", line 1077, in open
return io.open(str(self), mode, buffering, encoding, errors, newline)
IOError: [Errno 21] Is a directory: "/\x00I'm not malicious, I'm mischievous!"
>>> _.stat()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File ".../site-packages/pathlib.py", line 1051, in stat
return self._accessor.stat(self)
File ".../site-packages/pathlib.py", line 346, in wrapped
return strfunc(str(pathobj), *args)
TypeError: must be encoded string without NULL bytes, not str
>>> p1 = Path('/etc/passwd\0/hello.txt').open()
>>> p2 = Path('/etc/passwd').open()
>>> os.path.sameopenfile(p1.fileno(), p2.fileno())
True # DANGER WILL ROBINSON! Expected behavior: >>> Path("/\0I'm not malicious, I'm mischievous!")
...
ValueError: Illegal byte '\x00' in path |
Further digging reveals that the issue with |
This sounds like a reasonable request indeed. |
Here is the patch. |
If we do this then there are tests tha break, for instance test_is_symlink has this: self.assertIs((P / 'fileA\x00').is_file(), False) |
-1 from me, as it opens the door to validating filenames on Windows too, which is a can of worms. It will also slow path construction. |
@barneygale I think you have a good point here. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: