[FRPythoneers] Python CGI & Security

Matt Gushee mgushee at havenrock.com
Mon Jul 15 01:02:41 MDT 2002


Thank you much for the feedback.

On Sun, Jul 14, 2002 at 04:59:02PM -0600, Evelyn Mitchell wrote:
> Where is IllegalStateError defined? infomail.py tracebacks:

Oops. I thought it was built in. I guess I was getting confused with
Java's IllegalStateException.

> [efm at gwen pychecker-0.8.10]$ python  /home/efm/infomail.py
> Traceback (innermost last):
  [ ... ]
> NameError: IllegalStateError

Interesting. I get the same thing on the command line. But if I stick
the file in my CGI directory, and run it as an actual CGI script, this
error doesn't occur. Why would that be, I wonder?

> In mailer.py OK is defined 3 times. Once as a global, at line 99 as
> a local, and at line 120 as a local. This may not have the effect you
> expect. You probably want to pass 'OK' as a parameter.

Or just not use it. That was inherited from the original code, and I
didn't change it.

> RATS complains that re.compile is a dangerous call:
>    Argument 1 to this function call should be checked to ensure that it
>    does not come from an untrusted source without first verifying that it
>    contains nothing dangerous.

re.compile? But the one regexp I use is hard-coded. Do you see a
potential problem with that?

BTW, what is RATS?

-- 
Matt Gushee
Englewood, Colorado, USA
mgushee at havenrock.com
http://www.havenrock.com/
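
Added example, not part of the original message and not RATS's own logic: a small static check that separates re.compile calls whose pattern is a hard-coded literal (the case asked about above) from calls whose pattern is built at run time, which is the case the quoted warning is about. The names audit, classify and SAMPLE are hypothetical, and the sample script is constructed for illustration.

```python
import ast

# Constructed sample script: it is only parsed here, never executed.
SAMPLE = r'''
import re, cgi
ADDR = re.compile(r"^[\w.+-]+@[\w.-]+$")
form = cgi.FieldStorage()
user_re = re.compile(form.getvalue("pattern"))
safe_re = re.compile(re.escape(form.getvalue("name")))
'''

def _is_re_call(node, name):
    """True if node is a call of the form re.<name>(...)."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == name
            and isinstance(node.func.value, ast.Name)
            and node.func.value.id == "re")

def classify(arg):
    """Classify the first argument of re.compile."""
    if isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes)):
        return "literal"   # hard-coded pattern: no untrusted input reaches it
    if _is_re_call(arg, "escape"):
        return "escaped"   # run-time text, but metacharacters are neutralised
    return "dynamic"       # pattern built at run time: needs manual review

def audit(source):
    """Return sorted (line, classification) pairs for each re.compile call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Only positional patterns are handled; pattern=... keywords are skipped.
        if _is_re_call(node, "compile") and node.args:
            findings.append((node.lineno, classify(node.args[0])))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, kind in audit(SAMPLE):
        print(f"line {lineno}: re.compile pattern is {kind}")
```

Only the "dynamic" finding needs a human look; a tool that matches on the function name alone would report all three calls.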


