Problem reading with bz2.BZ2File(). Bug?

2006-11-15 Thread Clodoaldo Pinto Neto 
When comparing two files which should be equal the last line is
different:

The first file is a bzip2 compressed file and is read with
bz2.BZ2File()
The second file is the same file uncompressed and read with open()

The first file named file.txt.bz2 is uncompressed with:

$ bunzip2 -k file.txt.bz2

To compare I use this script:
###
import bz2

f1 = bz2.BZ2File(r'file.txt.bz2', 'r')
f2 = open(r'file.txt', 'r')
lines = 0
while True:
   line1 = f1.readline()
   line2 = f2.readline()
   if line1 == '':
  break
   lines += 1
   if line1 != line2:
  print 'line number:', lines
  print repr(line1)
  print repr(line2)
f1.close()
f2.close()
##

The offending file is 5.5 MB. Sorry, i could not reproduce this problem
with a smaller file.
http://fahstats.com/img/file.txt.bz2

Regards, Clodoaldo Pinto Neto

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Problem reading with bz2.BZ2File(). Bug?

2006-11-15 Thread Clodoaldo Pinto Neto 

Fredrik Lundh wrote:
 Clodoaldo Pinto Neto wrote:

  The offending file is 5.5 MB. Sorry, i could not reproduce this problem
  with a smaller file.

 but surely you can post the repr() of the last two lines?

This is the output:

$ python bzp.py
line number: 588317
'\x07'
''

Clodoaldo

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Problem reading with bz2.BZ2File(). Bug?

2006-11-15 Thread Clodoaldo Pinto Neto 
Leo Kislov wrote:
 Confirmed on windows with 2.4 and 2.5:

 C:\p\Python24\python.exe bzp.py
 line number: 588317
 '\x1e'
 ''

 C:\p\Python25\python.exe bzp.py
 line number: 588317
 '\x1e'
 ''

 Looks like one byte of garbage is appended at the end of file. Please
 file a bug report.

Bug number 1597011

Clodoaldo

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Output from subprocess.Popen()

2006-10-17 Thread Clodoaldo Pinto Neto 
Fredrik Lundh wrote:
 Clodoaldo Pinto Neto wrote:

  But I still don't understand what is happening. The manual says that
  when shell=True the executable argument specifies which shell to use:

 no, it says that when shell=True, it runs the command through the
 default shell.  that is, it hands it over to the shell for execution,
 pretty much as if you'd typed it in yourself.

If shell=True, the executable argument specifies which shell to use.

Taken from 6.8.1 v2.4:

The executable argument specifies the program to execute. It is very
seldom needed: Usually, the program to execute is defined by the args
argument. If shell=True, the executable argument specifies which shell
to use. On Unix, the default shell is /bin/sh. On Windows, the default
shell is specified by the COMSPEC environment variable.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Output from subprocess.Popen()

2006-10-16 Thread Clodoaldo Pinto Neto 
Now we have 3 different outputs from 3 people to the command:
 f = subprocess.Popen(set | grep IFS, shell=True,
 stdout=subprocess.PIPE)
 f.stdout.readlines()

From me on FC5:
[BASH_EXECUTION_STRING='set | grep IFS'\n, IFS=' \t\n]

From Fredrik Lundh on unknown OS:
[IFS=$' \\t\\n'\n]

From Sion Arrowsmith on Debian 1:3.3.5-12:
[IFS=' \t\n]

I found this problem while developing a CGI shell:
http://code.google.com/p/cgpy-shell/

Although the cgi-shell is working quite well, this issue is a show
stopper for that project. I need a stable/reliable output from Popen().
It looks like each bash or sh version outputs things differently, with
different escaping.

It is not a problem if there is only one or more than one line in the
returned list as i will always get the last one. The problem is the
escaping.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Output from subprocess.Popen()

2006-10-16 Thread Clodoaldo Pinto Neto 
Fredrik Lundh wrote:
 [EMAIL PROTECTED] wrote:

  I can't see any obvious way to ask subprocess to use a shell other than
  the default.

 -c ?

   f = Popen([/bin/bash, -c, set|grep IFS], stdout=PIPE)
   f.stdout.read()
 IFS=$' \\t\\n'\n
   f = Popen([/bin/sh, -c, set|grep IFS], stdout=PIPE)
   f.stdout.read()
 IFS=' \t\n

It solves my problem:
 f = sub.Popen(['/bin/sh', '-c', 'set|grep IFS'], stdout=sub.PIPE)
 f.stdout.read()
BASH_EXECUTION_STRING='set|grep IFS'\nIFS=' \t\n
 f = sub.Popen(['/bin/bash', '-c', 'set|grep IFS'], stdout=sub.PIPE)
 f.stdout.read()
BASH_EXECUTION_STRING='set|grep IFS'\nIFS=$' \\t\\n'\n

But I still don't understand what is happening. The manual says that
when shell=True the executable argument specifies which shell to use:

 f = sub.Popen('set|grep IFS', shell=True, executable='/bin/sh', 
 stdout=sub.PIPE)
 f.stdout.read()
BASH_EXECUTION_STRING='set|grep IFS'\nIFS=' \t\n
 f = sub.Popen('set|grep IFS', shell=True, executable='/bin/bash', 
 stdout=sub.PIPE)
 f.stdout.read()
BASH_EXECUTION_STRING='set|grep IFS'\nIFS=' \t\n

To make my confusion bigger, in Fedora sh is just a link to bash:
$ ll /bin/*sh
-rwxr-xr-x 1 root root  720888 Feb 11  2006 /bin/bash
lrwxrwxrwx 1 root root   4 Aug 28 22:53 /bin/csh - tcsh
-rwxr-xr-x 1 root root 1175496 Aug 17 13:19 /bin/ksh
lrwxrwxrwx 1 root root   4 Feb 24  2006 /bin/sh - bash
-rwxr-xr-x 1 root root  349312 Aug 17 15:20 /bin/tcsh
-rwxr-xr-x 1 root root  514668 Feb 12  2006 /bin/zsh

-- 
http://mail.python.org/mailman/listinfo/python-list

Output from subprocess.Popen()

2006-10-15 Thread Clodoaldo Pinto Neto 
Output from the shell:

[EMAIL PROTECTED] teste]$ set | grep IFS
IFS=$' \t\n'

Output from subprocess.Popen():

 import subprocess as sub
 p = sub.Popen('set | grep IFS', shell=True, stdout=sub.PIPE)
 p.stdout.readlines()[1]
IFS=' \t\n

Both outputs for comparison:
IFS=$' \t\n'
IFS=' \t\n

The subprocess.Popen() output is missing the $ and the last '

How to get the raw shell output from subprocess.Popen()?

Regards, Clodoaldo Pinto Neto

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Output from subprocess.Popen()

2006-10-15 Thread Clodoaldo Pinto Neto 

Fredrik Lundh wrote:
 this works for me:

   f = subprocess.Popen(set | grep IFS, shell=True,
 stdout=subprocess.PIPE)
   f.stdout.readlines()
 [IFS=$' \\t\\n'\n]

 what does the above return on your machine?

 f = subprocess.Popen(set | grep IFS, shell=True, stdout=subprocess.PIPE)
 f.stdout.readlines()
[BASH_EXECUTION_STRING='set | grep IFS'\n, IFS=' \t\n]

I'm on FC5

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: CGI Tutorial

2006-10-06 Thread Clodoaldo Pinto Neto 
[EMAIL PROTECTED] wrote:
 Clodoaldo Pinto Neto wrote:

  print 'pThe submited name was ' + name + '/p'

 Bzzt! Script injection security hole. See cgi.escape and use it (or a
 similar function) for *all* text - HTML output.

  open('files/' + fileitem.filename, 'w')

 BZZT. filesystem overwriting security hole, possibly escalatable to
 code execution. clue: fileitem.filename= '../../something.py'

Do you think os.path.basename() is good enough?

#!/usr/bin/env python
import cgi, os.path

form = cgi.FieldStorage()
fileitem = form['file']
fn = fileitem.filename
fnb = os.path.basename(fn)

print \
Content-Type: text/plain\n
filename = %s
basename = %s
 % (fn, fnb)


[EMAIL PROTECTED] ~]$ nc teste.s0 80
POST /cgi-bin/dir_traversal.py HTTP/1.1
Host: teste.s0
Content-Type: multipart/form-data;
boundary=---170451527316340742161395972977
Content-Length: 226

-170451527316340742161395972977
Content-Disposition: form-data; name=file; filename=../test.txt
Content-Type: text/plain

file text

-170451527316340742161395972977--
HTTP/1.1 200 OK
Date: Fri, 06 Oct 2006 20:48:58 GMT
Server: Apache/2.2.2 (Fedora)
Content-Length: 48
Content-Type: text/plain; charset=UTF-8

filename = ../test.txt
basename = test.txt


Regards, Clodoaldo

-- 
http://mail.python.org/mailman/listinfo/python-list

CGI Tutorial

2006-10-04 Thread Clodoaldo Pinto Neto 
I'm just building a Python CGI Tutorial and would appreciate any
feedback from the many experts in this list.

Regards, Clodoaldo Pinto Neto

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: CGI Tutorial

2006-10-04 Thread Clodoaldo Pinto Neto 
Clodoaldo Pinto Neto wrote:
 I'm just building a Python CGI Tutorial and would appreciate any
 feedback from the many experts in this list.

http://webpython.codepoint.net

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: CGI Tutorial

2006-10-04 Thread Clodoaldo Pinto Neto 
Clodoaldo Pinto Neto wrote:
 I'm just building a Python CGI Tutorial and would appreciate any
 feedback from the many experts in this list.

http://webpython.codepoint.net

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: CGI Tutorial

2006-10-04 Thread Clodoaldo Pinto Neto 
2006/10/4, Tim Chase [EMAIL PROTECTED]:
  I'm just building a Python CGI Tutorial and would appreciate any
  feedback from the many experts in this list.
 
  http://webpython.codepoint.net


 Thanks! :)

 My first note would be regarding

 http://webpython.codepoint.net/shell_commands

 The code is very dangerous...allowing any ol' schmoe to run
 arbitrary code on your server.  At the barest of minimums, I'd
 plaster the code with warnings that this is a Very Dangerous
 Thing(tm) to do.

I though the danger was so obvious that i didn't bother. Now i have
issued a warning.

 Similarly, regarding

 http://webpython.codepoint.net/debugging

 you might want to caution that this will/can display potentially
 sensitive information (passwords, internal file-structure, etc),
 and thus should only be used while debugging, and turned off in
 any sort of production code.

Yes, another warning was issued.

Thanks for your help. Clodoaldo Pinto Neto
-- 
http://mail.python.org/mailman/listinfo/python-list