[issue26737] csv.DictReader throws generic error when fieldnames is accessed for non-text file

2016-04-12 Thread Berker Peksag 

Berker Peksag added the comment:

> The scenario is a web application allowing people to upload csv files, but 
> they can upload any files they like.

This looks like a potential security flaw in the application. The application 
should reject any non-CSV files from being uploaded (instead of relying on the 
CSV module).

Thanks for the report.

--
nosy: +berker.peksag
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26737] csv.DictReader throws generic error when fieldnames is accessed for non-text file

2016-04-12 Thread Bayo Opadeyi 

Bayo Opadeyi added the comment:

Yes, the problem is that the file is not csv. The scenario is a web application 
allowing people to upload csv files, but they can upload any files they like.

--
status: pending -> open

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26737] csv.DictReader throws generic error when fieldnames is accessed for non-text file

2016-04-11 Thread Serhiy Storchaka 

Changes by Serhiy Storchaka :


--
status: open -> pending

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26737] csv.DictReader throws generic error when fieldnames is accessed for non-text file

2016-04-11 Thread Josh Rosenberg 

Josh Rosenberg added the comment:

This already behaves usefully in 3.5 where reading fieldnames from a DictReader 
wrapping a file opened in binary mode gets you:

_csv.Error: iterator should return strings, not bytes (did you open the file in 
text mode?)

And 2.7 is highly unlikely to make fit and finish fixes at this stage in the 
game.

That said, not sure what you'd expect in 2.7; standard open in binary mode is 
correct there, and you'd get str either way. Is the problem that it's not a CSV 
file in the first place? Because Python 2's csv isn't encoding aware; as long 
as it doesn't have embedded NULs, anything could be legitimate data (csv 
doesn't have the context to say that it should be latin-1, EBCDIC, or whatever).

--
nosy: +josh.r

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26737] csv.DictReader throws generic error when fieldnames is accessed for non-text file

2016-04-11 Thread Bayo Opadeyi 

Changes by Bayo Opadeyi :


--
title: csv.DictReader throws generic error when fieldnames is accessed on 
non-text file -> csv.DictReader throws generic error when fieldnames is 
accessed for non-text file

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com