New submission from Christian Heimes <li...@cheimes.de>:

The shlex module implements a simple tokenizer for a shell-like mini language. 
The shlex.split() function splits a string into subcomponents just like a 
typical Unix shell. However, the function has a surprising feature when None is 
passed into shlex.split():

Note: Since the split() function instantiates a shlex instance, passing None 
for s will read the string to split from standard input. 

https://docs.python.org/3/library/shlex.html#shlex.split


This is both surprising, unnecessary and potentially dangerous. Reading from 
sys.stdin is a blocking operation. In case an application doesn't account for 
None, shlex.split(value) could lead to a blocked server application. I suggest 
deprecating and eventually removing this mis-feature.

Credits: David R. MacIver reported the bug on Twitter: 
https://twitter.com/DRMacIver/status/984001867985367040

----------
messages: 315189
nosy: christian.heimes
priority: normal
severity: normal
stage: needs patch
status: open
title: Deprecate shlex.split(None) to read from stdin.
type: behavior
versions: Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33262>
_______________________________________
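
An added example, not part of the original report: it drives shlex.shlex(None), the instance the documentation note refers to, with sys.stdin swapped for an in-memory buffer so it cannot block, and then shows a type-checking wrapper. The names fake_stdin, tokens_when_source_is_none, strict_split and parse_command_field are hypothetical, and the sample inputs are constructed.

```python
import io
import shlex
import sys
from contextlib import contextmanager


@contextmanager
def fake_stdin(text):
    """Temporarily replace sys.stdin so the demo never waits on a real terminal."""
    saved = sys.stdin
    sys.stdin = io.StringIO(text)
    try:
        yield
    finally:
        sys.stdin = saved


def tokens_when_source_is_none(stdin_text):
    """Build a shlex instance with no input string, as split(None) would.

    shlex.shlex(None) falls back to sys.stdin, so the tokens come from
    whatever is on standard input rather than from the caller's value.
    """
    with fake_stdin(stdin_text):
        lexer = shlex.shlex(None, posix=True)
        lexer.whitespace_split = True  # same setting shlex.split() applies
        return list(lexer)


def strict_split(value, comments=False, posix=True):
    """Hypothetical wrapper: refuse anything that is not a str before tokenizing."""
    if not isinstance(value, str):
        raise TypeError(f"expected str, got {type(value).__name__}")
    return shlex.split(value, comments=comments, posix=posix)


def parse_command_field(record):
    """Constructed request handler: the 'command' key may be missing."""
    try:
        return strict_split(record.get("command"))
    except TypeError:
        return None  # reject the request instead of waiting on stdin
```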