[issue39279] Don't allow non-Ascii digits in platform.py

Steve Dower added the comment: Without a source stating that version numbers will only ever contain ASCII digits (or a real-world counterexample), I see no reason to make a change here. Thanks for working on this, Ram! -- nosy: +steve.dower resolution: -> rejected stage: patch

[issue39279] Don't allow non-Ascii digits in platform.py

Ram Rachum added the comment: Hey Victor, adding you here. This ticket is a continuation of the thread on the Python security mailing list. I see that there isn't a consensus here for changing from \d to [0-9]. Can you make a decision on whether to go ahead with this issue or not? Otherwise

[issue39279] Don't allow non-Ascii digits in platform.py

Xiang Zhang added the comment: @Ezio, at least for my config they are all ASCII digits. But still I don't think there is any rush to change current behaviour. -- ___ Python tracker

[issue39279] Don't allow non-Ascii digits in platform.py

Mark Dickinson added the comment: > If you think I need to come up with a specific example where this can be > misused I think so, yes. :-) We shouldn't change this (and risk other breakage) without evidence that there's an actual problem. -- nosy: +mark.dickinson

[issue39279] Don't allow non-Ascii digits in platform.py

Ezio Melotti added the comment: Do you know/can you verify if Chinese versions of Windows/Linux/MacOS include non-ASCII version numbers (e.g. fullwidth digits)? -- ___ Python tracker

[issue39279] Don't allow non-Ascii digits in platform.py

Xiang Zhang added the comment: I can't understand the rational for rejecting localized digits though I don't know who will use them in practise. I'd rather fix it until there is a real problem with it. -- nosy: +xiang.zhang ___ Python tracker

[issue39279] Don't allow non-Ascii digits in platform.py

Ram Rachum added the comment: My approach is that any input that's unexpected by the developer but accepted by the program could cause either a bug or a security problem, and should be rejected by the program. I don't have a specific example for this case. If you think I need to come up

[issue39279] Don't allow non-Ascii digits in platform.py

Ezio Melotti added the comment: Can you elaborate on the rational for this proposed change? I'm not sure if there cases where the digits are non-ASCII, but if there are, is rejecting them the right thing to do? In the code there's a comment that mentions that the Windows version can be

[issue39279] Don't allow non-Ascii digits in platform.py

Change by Ram Rachum : -- pull_requests: +17336 pull_request: https://github.com/python/cpython/pull/17931 ___ Python tracker ___

[issue39279] Don't allow non-Ascii digits in platform.py

Change by Ram Rachum : -- keywords: +patch pull_requests: +17335 stage: -> patch review pull_request: https://github.com/python/cpython/pull/17928 ___ Python tracker ___

[issue39279] Don't allow non-Ascii digits in platform.py

New submission from Ram Rachum : The platform.py module takes non-Ascii digits in regexes in places it shouldn't. e.g. digits like ٢ and ５ and accepted, when only the Ascii digits between 0-9 should be accepted. -- components: Library (Lib) messages: 359694 nosy: cool-RR priority: