Chris Angelico <ros...@gmail.com>:
> On Thu, May 31, 2018 at 10:03 PM, Marko Rauhamaa <ma...@pacujo.net> wrote:
>>
>> This surprising exception can even be a security issue:
>>
>> >>> os.path.exists("\0")
>> Traceback (most recent call last):
>> File "<stdin>", line 1, in <module>
>> File "/usr/lib64/python3.6/genericpath.py", line 19, in exists
>> os.stat(path)
>> ValueError: embedded null byte
>
> [...]
>
> A Unix path name cannot contain a null byte, so what you have is a
> fundamentally invalid name. ValueError is perfectly acceptable.
At the very least, that should be emphasized in the documentation. The
pathname may come from an external source. It is routine to check for
"/", "." and ".." but most developers (!?) would not think of checking
for "\0". That means few test suites would catch this issue and few
developers would think of catching ValueError here. The end result is
unpredictable.
Marko
--
https://mail.python.org/mailman/listinfo/python-list
