* Adrian Mariano <rad...@cox.net>, 2018-07-22, 18:04:
> I'm not sure about exactly the right way to validate the metals. I
> took the most relaxed route of just banning '!',
Enumerating badness makes me nervous. It is generally considered a bad
security practice.
> What do you mean by "enumerating badness"?
I mean forbidding only things that are known to be unsafe (as opposed to
only allowing things that are known to be safe). The term was
popularized by this essay:
https://www.ranum.com/security/computer_security/editorials/dumb/
>     for metal, price in metals.items():
>         if metal in validmetals:
>             metallist.append('{:19}{} US$/troyounce'.format(metal + 'price', price))
Price is not validated here.
>             stderr.write('Got unknown metal "{}" with value "{}"\n'.format(metal, price))
I think this message should be printed only if --verbose was enabled,
for consistency with how unknown currencies are handled.
--
Jakub Wilk
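An added example, not code from either poster or from the project under discussion, contrasting the two validation approaches debated above: the denylist (accept anything that does not contain '!') and an allowlist (accept only metal names the consumer knows, with the price checked as a finite, non-negative number, which also covers the "price is not validated" remark). The rejection message is written only when `verbose` is set, as the reply asks. `VALID_METALS`, the `SAMPLE_PRICES` dictionary and the `verbose`/`err` parameters are assumptions made for this illustration and are not taken from the thread.

```python
import math
import sys

# Assumed allowlist of metal names the downstream consumer understands.
# The real project's list is not reproduced here; these four are illustrative.
VALID_METALS = frozenset({"gold", "silver", "platinum", "palladium"})


def denylist_ok(metal):
    """Enumerating badness: accept any name that does not contain '!'.

    Everything not explicitly listed as bad is implicitly allowed, including
    names with embedded newlines or quotes and names the consumer has never
    heard of. Shown only for contrast with the allowlist below.
    """
    return "!" not in metal


def allowlist_price(price):
    """Accept a price only if it is a finite, non-negative real number.

    Returns the price as a float, or None if it is unacceptable. Strings go
    through float() so that 'inf', 'nan' and overflow literals such as
    '1e400' are rejected by the finiteness check rather than slipping through.
    """
    if isinstance(price, bool):          # bool is a subclass of int; reject it
        return None
    if isinstance(price, (int, float)):
        value = float(price)
    elif isinstance(price, str):
        try:
            value = float(price.strip())
        except ValueError:
            return None
    else:
        return None
    if not math.isfinite(value) or value < 0:
        return None
    return value


def build_metal_list(metals, valid_metals=VALID_METALS, verbose=False, err=sys.stderr):
    """Allowlist version of the loop quoted in the thread.

    Only metals in valid_metals that also carry a valid price are emitted.
    Everything else is dropped and reported on err, but only when verbose is
    set. Returns (accepted_lines, rejected_names).
    """
    metallist = []
    rejected = []
    for metal, price in metals.items():
        value = allowlist_price(price)
        if metal in valid_metals and value is not None:
            metallist.append("{:19}{} US$/troyounce".format(metal + "price", value))
        else:
            rejected.append(metal)
            if verbose:
                err.write('Got unknown metal "{}" with value "{}"\n'.format(metal, price))
    return metallist, rejected


# Constructed sample input (not real price data): good entries mixed with
# entries that a denylist on '!' alone would wave through.
SAMPLE_PRICES = {
    "gold": 1224.5,
    "silver": "15.49",
    "rhodium": 2450.0,              # well-formed, but not in the allowlist
    "platinum\nmagic": 830.0,       # embedded newline, yet contains no '!'
    "palladium": "not a number",    # valid metal, unusable price
    "copper": float("inf"),         # unknown metal, non-finite price
}

if __name__ == "__main__":
    bad_by_denylist = [m for m in SAMPLE_PRICES if not denylist_ok(m)]
    print("denylist rejects:", bad_by_denylist)    # empty: no name contains '!'
    accepted, rejected = build_metal_list(SAMPLE_PRICES, verbose=True)
    print("\n".join(accepted))
    print("allowlist rejects:", rejected)
```

Run as a script it reports the denylist rejecting nothing while the allowlist keeps only gold and silver; the other four entries are written to stderr because `verbose=True` is passed there.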