On Thu, May 31, 2018 at 11:03 PM, Marko Rauhamaa <ma...@pacujo.net> wrote:
> Chris Angelico <ros...@gmail.com>:
>
>> On Thu, May 31, 2018 at 10:03 PM, Marko Rauhamaa <ma...@pacujo.net> wrote:
>>>
>>> This surprising exception can even be a security issue:
>>>
>>> >>> os.path.exists("\0")
>>> Traceback (most recent call last):
>>> File "<stdin>", line 1, in <module>
>>> File "/usr/lib64/python3.6/genericpath.py", line 19, in exists
>>> os.stat(path)
>>> ValueError: embedded null byte
>>
>> [...]
>>
>> A Unix path name cannot contain a null byte, so what you have is a
>> fundamentally invalid name. ValueError is perfectly acceptable.
>
> At the very least, that should be emphasized in the documentation. The
> pathname may come from an external source. It is routine to check for
> "/", "." and ".." but most developers (!?) would not think of checking
> for "\0". That means few test suites would catch this issue and few
> developers would think of catching ValueError here. The end result is
> unpredictable.
The rules for paths come from the underlying system. You'll get quite
different results on Windows than you do on Unix. What should be
documented? Should it also be documented that you can get strange
errors when your path involves three different operating systems and
five different file systems? Is that Python's responsibility, or
should it be generally accepted that invalid values can cause
ValueError?
Do you have an actual use-case where it is correct for an invalid path
to be treated as not existing?
ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
