473,397 Members | 1,972 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > safeconfigparser can set unsafe values

Join Bytes to post your question to a community of 473,397 software developers and data experts.

SafeConfigParser can set unsafe values

SafeConfigParser is supposed to be safer than ConfigParser, but calling
set with a string value containing '%' generates exceptions when you
get() it back.

Python 2.5.1 (r251:54863, Apr 25 2007, 21:31:46)
[GCC 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>import configparser
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: No module named configparser
>>import ConfigParser

x=ConfigParser.SafeConfigParser()
x.add_section('test')
x.set('test', 'a', 'hi%there')
x.get('test', 'a')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.5/ConfigParser.py", line 525, in get
return self._interpolate(section, option, value, d)
File "/usr/lib/python2.5/ConfigParser.py", line 593, in _interpolate
self._interpolate_some(option, L, rawval, section, vars, 1)
File "/usr/lib/python2.5/ConfigParser.py", line 634, in _interpolate_some
"'%%' must be followed by '%%' or '(', found: %r" % (rest,))
ConfigParser.InterpolationSyntaxError: '%' must be followed by '%' or
'(', found: '%there'
ConfigParser does not do this:
>>y=ConfigParser.ConfigParser()
y.add_section('test')
y.set('test', 'a', 'hi%there')
y.get('test', 'a')
'hi%there'
Should SafeConfigParser.set() be escaping automatically?

Hamish
Jul 10 '07 #1
4 3823
Should SafeConfigParser.set() be escaping automatically?

It seems like that would be a nice feature. However, may I offer up
that if you are setting an option and then later on getting that value
back in the same program, you probably should have used some other
storage mechanism in the first place. That is, you shouldn't store
values needed during the runtime of your program in a ConfigParser
instance.

As far as I can tell, these are the valid use cases for ConfigParser:

1. Use ConfigParser to read values from an config file
- This implies .read() followed by .get()s
2. Use ConfigParser to create and write a config file
- This implies .set()s followed by .write()
3. Use ConfigParser to read, modify and write a config file.
- This implies .read() followed by .get()s followed by .set()s
followed by .write()

None of the above use cases involve calling .get() after a .set().
Perhaps I am missing a use case though.

While I think you have technically pointed out a potential bug, I'm
not sure why it matters. Such a bug only comes about for (IMHO) flawed
use cases.

Matt

Jul 10 '07 #2
En Tue, 10 Jul 2007 20:53:51 -0300, Matimus <mc******@gmail.comescribió:
>Should SafeConfigParser.set() be escaping automatically?

It seems like that would be a nice feature. However, may I offer up
that if you are setting an option and then later on getting that value
back in the same program, you probably should have used some other
storage mechanism in the first place. That is, you shouldn't store
values needed during the runtime of your program in a ConfigParser
instance.

As far as I can tell, these are the valid use cases for ConfigParser:

1. Use ConfigParser to read values from an config file
- This implies .read() followed by .get()s
2. Use ConfigParser to create and write a config file
- This implies .set()s followed by .write()
3. Use ConfigParser to read, modify and write a config file.
- This implies .read() followed by .get()s followed by .set()s
followed by .write()

None of the above use cases involve calling .get() after a .set().
Perhaps I am missing a use case though.

While I think you have technically pointed out a potential bug, I'm
not sure why it matters. Such a bug only comes about for (IMHO) flawed
use cases.
This not only happens when get() after a set(), but with all the use cases
above. An intervening write()/read() does not change things.
But I'm not sure it is a bug really. If all % were escaped automatically,
there is no way to write a templatized value. Maybe SafeConfigParser.set
should grow an escape argument, controlling whether one wants the value
escaped or not. For compatibility reasons should default to False, for
usability reasons should default to True.

--
Gabriel Genellina

Jul 11 '07 #3
Matimus wrote:
>Should SafeConfigParser.set() be escaping automatically?

It seems like that would be a nice feature. However, may I offer up
that if you are setting an option and then later on getting that value
back in the same program, you probably should have used some other
storage mechanism in the first place. That is, you shouldn't store
values needed during the runtime of your program in a ConfigParser
instance.
I agree, but that was a trivial example to demonstrate the problem.
Writing the file out to disk writes it exactly as set(), causing a get()
to fail just the same later.
While I think you have technically pointed out a potential bug, I'm
not sure why it matters. Such a bug only comes about for (IMHO) flawed
use cases.
Sorry, that's incorrect.
Hamish
Jul 11 '07 #4
I agree, but that was a trivial example to demonstrate the problem.
Writing the file out to disk writes it exactly as set(), causing a get()
to fail just the same later.
No... The above statement is not true.

The following code:

Expand|Select|Wrap|Line Numbers
  1. from ConfigParser import *
  2. import sys
  3.  
  4. cp = SafeConfigParser()
  5. cp.add_section("sect")
  6. cp.set("sect","opt","hello%world")
  7.  
  8. cp.write(sys.stdout)
  9.  
Produces this output:
[sect]
opt = hello%world

The write method never calls get. However, when you read the file that
was output by the above code using .get(...) will raise an error. You
can avoid that error by setting the optional 'raw' parameter to True.

Jul 11 '07 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
Unsafe code
by: Jon Milner | last post by:
How do I declare that my code is unsafe? Sorry the help files at my University have not been installed!
C# / C Sharp
7
'References' (pointers) in C# (without using unsafe)
by: _ed_ | last post by:
I'd like to build a class or struct composed of pointers to variables. Does this require dropping into an 'unsafe' block, or is there a trick? .... int value1 = 1234; bool value2 = false;...
C# / C Sharp
2
Point structure in unsafe mode problem
by: James Dean | last post by:
I cannot access my array of points in unsafe mode....why?.....i can see the values but when i do pointPtr->x then it says it cannot access the values. The pointPtr->X has no value. *** Sent...
C# / C Sharp
0
Problems with C# unsafe code...
by: Robert Rae | last post by:
I'm calling the C++ function below from C#: GENCLIENT_API int CleanseEx(char ncSystem, const char *strServer, const char **pNames, const char **pInputData, const char **pRules, char...
C# / C Sharp
0
Having problems with C# unsafe.
by: Robert Rae | last post by:
I'm calling the C++ function below from C#: GENCLIENT_API int CleanseEx(char ncSystem, const char *strServer, const char **pNames, const char **pInputData, const char **pRules, char...
C# / C Sharp
7
Setting Pixel Value with Unsafe Code
by: TomHL | last post by:
hello, - I have a Bitmap Object named: bmp1 - I already have the numerical values of:red,blue and green colors + I have the X and Y cordinates. How do I set the pixel value via safe code on...
C# / C Sharp
3
Pointer position in unsafe code
by: TomHL | last post by:
this code set the color that I want only on the first pixel. I have an X & Y values of the pixel that I want to change. How do I change the pointer's position according to my X & Y values that I...
C# / C Sharp
0
Making C# unsafe call from web service....
by: Robert Rae | last post by:
I'm calling the C++ function below from C#: GENCLIENT_API int CleanseEx(char ncSystem, const char *strServer, const char **pNames, const char **pInputData, const char **pRules, char...
.NET Framework
3
I heard there is some trick to referencing statics in C# CLR stored procedure without having to mark the assembly as unsafe. Does anyone know this? This is usefull as the case of needing a little static shared variable here and there without having t
by: DR | last post by:
I heard there is some trick to referencing statics in C# CLR stored procedure without having to mark the assembly as unsafe. Does anyone know this? This is usefull as the case of needing a little...
C# / C Sharp
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!