
Why exception from os.path.exists()?


Marko Rauhamaa <marko at pacujo.net>:

> This is a security risk. Here is a brief demonstration. Copy the example
> HTTP server from:
>
>    <URL: https://docs.python.org/3/library/http.server.html?highlight=http#http.server.SimpleHTTPRequestHandler>
>
> [...]
>
>   3. http://localhost:8000/te%00st.html
>
>      => The server crashes with a ValueError and the TCP connection is
>         reset

An exercise for the reader: provide a fix for the example server so the
request returns a 404 response just like any other nonexistent resource.


Marko
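
One possible answer to the exercise above, as an added example that is not part of the original post: a `SimpleHTTPRequestHandler` subclass that returns 404 when the percent-decoded path contains a NUL byte. The names `NulSafeHandler` and `status_for` are this example's own, and the request paths are constructed samples.

```python
import http.client
import http.server
import threading
from http import HTTPStatus


class NulSafeHandler(http.server.SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler that answers 404 when the decoded path holds a NUL."""

    def send_head(self):
        # translate_path() percent-decodes the URL, so "%00" arrives here as "\x00".
        # Filesystem calls can reject such a path with ValueError rather than OSError
        # (the crash described in the post), so answer before any of them is reached.
        if "\x00" in self.translate_path(self.path):
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return None
        return super().send_head()


def status_for(url_path):
    """Serve the current directory on an ephemeral loopback port; return the status."""
    server = http.server.HTTPServer(("127.0.0.1", 0), NulSafeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(*server.server_address, timeout=5)
        conn.request("GET", url_path)
        response = conn.getresponse()
        response.read()
        conn.close()
        return response.status
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # Constructed sample requests: the NUL case from the post and a plain missing file.
    for path in ("/te%00st.html", "/no-such-file-7f3a.html"):
        print(path, status_for(path))
```

Because both `do_GET` and `do_HEAD` go through `send_head()`, the single override covers both methods.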