[issue38985] `compile` returns the first line of file on termination

[Koh]

New submission from Koh :

By specifying a filename in the compile function and then improperly 
terminating it, we are able to return the first line of any file.

>> compile('yield', '/etc/passwd', 'exec')
File "/etc/passwd", line 1
root:x:0:0:root:/root:/bin/bash
^
SyntaxError: 'yield' outside function

Is this intended behavior? I have been able to use it to escape sandboxes.

--
messages: 357906
nosy: iso
priority: normal
severity: normal
status: open
title: `compile` returns the first line of file on termination
type: security
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

___
Python tracker 
<https://bugs.python.org/issue38985>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue2464] urllib2 can't handle http://www.wikispaces.com

[Koh Wei Jie]

New submission from Koh Wei Jie <[EMAIL PROTECTED]>:

Try the following code:

import urllib2
gmail = urllib2.urlopen("https://www.gmail.com";).read()
wikispaces = urllib2.urlopen("http://www.wikispaces.com";).read()

Getting the html over HTTPS from gmail.com works, but not over HTTP from
wikispaces. Here's the traceback:
>>> wikispaces = urllib2.urlopen("http://www.wikispaces.com";).read()
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python2.5/urllib2.py", line 121, in urlopen
return _opener.open(url, data)
  File "/usr/lib/python2.5/urllib2.py", line 380, in open
response = meth(req, response)
  File "/usr/lib/python2.5/urllib2.py", line 491, in http_response
'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.5/urllib2.py", line 412, in error
result = self._call_chain(*args)
  File "/usr/lib/python2.5/urllib2.py", line 353, in _call_chain
result = func(*args)
  File "/usr/lib/python2.5/urllib2.py", line 575, in http_error_302
return self.parent.open(new)
  File "/usr/lib/python2.5/urllib2.py", line 380, in open
response = meth(req, response)
  File "/usr/lib/python2.5/urllib2.py", line 491, in http_response
'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.5/urllib2.py", line 412, in error
result = self._call_chain(*args)
  File "/usr/lib/python2.5/urllib2.py", line 353, in _call_chain
result = func(*args)
  File "/usr/lib/python2.5/urllib2.py", line 575, in http_error_302
return self.parent.open(new)
  File "/usr/lib/python2.5/urllib2.py", line 374, in open
response = self._open(req, data)
  File "/usr/lib/python2.5/urllib2.py", line 392, in _open
'_open', req)
  File "/usr/lib/python2.5/urllib2.py", line 353, in _call_chain
result = func(*args)
  File "/usr/lib/python2.5/urllib2.py", line 1100, in http_open
return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.5/urllib2.py", line 1075, in do_open
raise URLError(err)
urllib2.URLError: 

Note the two 302 redirects.

I tried accessing wikispaces.com with SSL turned off in Firefox
2.0.0.12, which didn't work because SSL was required, perhaps in between
the redirects that wikispaces uses.

Why doesn't urllib2 handle the "hidden" SSL properly? (Not to be rude,
but httplib2 works.)

Thanks!
WJ

--
components: Library (Lib)
messages: 64363
nosy: weijie90
severity: normal
status: open
title: urllib2 can't handle http://www.wikispaces.com
type: behavior
versions: Python 2.5

__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2464>
__
___
Python-bugs-list mailing list 
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue2464] urllib2 can't handle http://www.wikispaces.com

[Koh Wei Jie]

Koh Wei Jie <[EMAIL PROTECTED]> added the comment:

Please take your time, because this bug isn't critical. Thanks!

__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2464>
__
___
Python-bugs-list mailing list 
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com