STINNER Victor <[email protected]> added the comment:
> In this case, having it off by default goes further to prevent breakage
PyYAML was unsafe by default: it allowed executing arbitrary Python code by
default. It took years to change the default to "safe". I don't think that
adding a parameter for opt-in for security is a good approach. An application
can use ipaddress internally without being aware of using it, if it's done by a
third party module. It's hard to prevent security vulnerabilities if people
have to "opt-in" for security.
I prefer to break code and force people to manually get back the old behavior.
It's better to make 90% safe by default but make 10% of people unhappy.
It's uncommon to pass IPv4 addresses with leading zeros.
If you want to tolerate leading zeros, you don't have to modify the ipaddress
for that, you can pre-process your inputs: it works on any Python version with
or without the fix.
>>> def reformat_ip(address): return '.'.join(part.lstrip('0') if part != '0'
...     else part for part in address.split('.'))
...
>>> reformat_ip('0127.0.0.1')
'127.0.0.1'
Or with an explicit loop for readability:
def reformat_ip(address):
    parts = []
    for part in address.split('.'):
        if part != "0":
            part = part.lstrip('0')
        parts.append(part)
    return '.'.join(parts)
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue36384>
_______________________________________
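
Added example, not part of the original message or of CPython: it shows the two readings of a zero-padded octet that make such input ambiguous (decimal, as reformat_ip above produces, versus octal, as C's inet_aton does) and a strict parser that rejects the padding on any Python version. All function names and sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

def octets(address):
    """Return the four all-digit parts of a dotted quad, or raise ValueError."""
    parts = address.split('.')
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {address!r}")
    return parts

def zero_padded(part):
    """True for '01' or '00', False for a plain '0' or '10'."""
    return len(part) > 1 and part.startswith('0')

def as_decimal(address):
    """Tolerant reading: drop leading zeros, every octet is decimal."""
    values = [int(p, 10) for p in octets(address)]
    return str(ipaddress.IPv4Address('.'.join(map(str, values))))

def as_octal(address):
    """C inet_aton-style reading: a zero-padded octet is octal."""
    values = [int(p, 8) if zero_padded(p) else int(p, 10) for p in octets(address)]
    return str(ipaddress.IPv4Address('.'.join(map(str, values))))

def parse_strict(address):
    """Reject zero-padded octets on any Python version, then parse."""
    if any(zero_padded(p) for p in octets(address)):
        raise ValueError(f"leading zeros are ambiguous: {address!r}")
    return ipaddress.IPv4Address(address)

if __name__ == "__main__":
    # Constructed inputs: the same string names two different hosts
    # depending on which reading the consuming component applies.
    for sample in ("127.0.0.1", "0127.0.0.1", "010.8.8.8"):
        print(sample, "decimal:", as_decimal(sample), "octal:", as_octal(sample))
```

When an allow-list check uses one reading and the code that opens the connection uses the other, the check validates a different address than the one contacted, which is why rejecting the padded form is the safer default.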