File not closed
Hello
In the following snippet, a file is opened but
without any variable referring to it.
So the file can't be closed.
[line.split(":")[0]
for line in open('/etc/passwd')
if line.strip() and not line.startswith("#")]
What do you think about this practice ?
--
https://mail.python.org/mailman/listinfo/python-list
Re: File not closed
ast wrote:
> Hello
>
> In the following snippet, a file is opened but
> without any variable referring to it.
> So the file can't be closed.
The file will be closed implicitly when the file object gets garbage-
collected:
$ python3
Python 3.4.3 (default, Nov 12 2018, 22:25:49)
[GCC 4.8.4] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> f = open("/etc/passwd")
>>>
[1]+ Stopped python3
$ lsof /etc/passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFFNODE NAME
python3 6815 peter3r REG8,7 2899 8786346 /etc/passwd
$ fg
python3
>>> del f
>>>
[1]+ Stopped python3
$ lsof /etc/passwd
$
> [line.split(":")[0]
> for line in open('/etc/passwd')
> if line.strip() and not line.startswith("#")]
>
> What do you think about this practice ?
While in most cases relying on the gc does not do any harm I still prefer to
close the file explicitly:
with open("/etc/passwd") as instream:
stuff = [... for line in instream ...]
--
https://mail.python.org/mailman/listinfo/python-list
nltk in 3.7.2 for win 10 64 bit
is there a way to install nltk in win 10 64 bit in python 3.7.2 ? -- Teşekkürler, iyi çalışmalar. ODTU - BİDB Lisanslı Yazılım Sorumlusu [email protected] Tel: 210 3311 -- https://mail.python.org/mailman/listinfo/python-list
Potential Security Bug
Hello, I’m Amit Laish, a security researcher from GE Digital. During one of our assessments we discovered something that we consider a bug with security implications which can cause a denial of service by disk exhausting, and we would like to share it with you, and hear you opinion about it. Link for the required files: https://drive.google.com/open?id=1QxItN7cj0J9LIMqYa0SmmckeQrxSxkBC 1. 20GB.zip – contains 200 files that each file is 100MB, after decompression the size is 20GB. 2. create_zip.py – create new zip name malicious.zip which contains fake value of the uncompressed size header. 3. poc.py – extracts the malicious archive Denial of Service via Decompression in Zipfile Library Background The Zipfile library can be used to extract data from compressed archives. Each file has a metadata that contains information regarding the file, such as uncompressed size, packed size, and more. The decompression progress should extract the data based on the information in the uncompressed data size header and check if the extracted data is equal to the size in the uncompressed data header. The problem The Zipfile library does not use the header of uncompressed size when extracting data from compressed archives. As a result, an attacker can craft a malicious compressed archive file that contains a fake value in the uncompressed size header and combine specific compressed data, which makes the decompressed data’s size more than the system can handle, and thus, cause a denial of service. [cid:[email protected]] Figure 1 – Unpacked size is 200 bytes and after decompression 20GB of the disk space is taken The red team successfully exploited the vulnerability and caused a denial of service. Implications Malicious users can use this method and distribute the archive, and once the victim or application that relies on the uncompressed size header value decompresses it, the whole disk space is exhausted, causing a denial of service. This attack may cause sensitive services to stop working. How to reproduce Note: Both archive file and the malicious script to reproduce the attack are attached to the report. 1. Run create_zip.py file, which changes the header of the uncompressed size to 1 byte and saves it to new file archive called malicious.zip. 2. Run poc.py file to extract the malicious archive. 3. If the vulnerability exists, the disk’s space is approximately taken by 20 GB. Recommendation The extraction progress should use the metadata header that indicates the uncompressed size for each file or should extract the smaller value between the metadata and the file’s size. Thanks, Amit Laish – GE Digital. -- https://mail.python.org/mailman/listinfo/python-list
Re: tkinter
Thanks MRAB, for your advice. I will have close the connection before,
the code fixed are below.
def isInternet():
testConn = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
testConn.settimeout(5)
output = testConn.connect_ex(('8.8.8.8', 80))
testConn.close() <---
if output == 0:
return True
else:
return False
El 19/03/19 a las 17:55, MRAB escribió:
On 2019-03-19 19:46, Informatico de Neurodesarrollo wrote:
Thanks for all yours recommendations, finally I was successfully
finished my first project about tkinter (and I hope, not the last).
Here is the finally code:
#!/usr/bin/env python
#
# DetectConn_2_0.py
#
#
from tkinter import *
import time, socket
def isInternet():
testConn = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
# Force a time limit to conect to the host (5 seg), may be more
or less
testConn.settimeout(5)
output = testConn.connect_ex(('10.44.0.1', 80))
The following lines will cause a return from the function, so the
testConn.close() line will never be reached.
Fortunately, the socket will be closed anyway, when the garbage
collection occurs.
if output == 0:
return True
else:
return False
testConn.close()
def colorupdate():
if isInternet():
root.config(background="#38EB5C")
else:
root.config(background="#F50743")
root.after(5000, colorupdate)
root = Tk()
root.title("Connection")
root.geometry("80x50")
root.resizable(width=False, height=False)
colorupdate()
root.mainloop()
Thanks again
--
Ing. Jesús Reyes Piedra
Admin Red Neurodesarrollo,Cárdenas
La caja decía:"Requiere windows 95 o superior"...
Entonces instalé LINUX.
--
Este mensaje le ha llegado mediante el servicio de correo electronico que
ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema
Nacional de Salud. La persona que envia este correo asume el compromiso de usar
el servicio a tales fines y cumplir con las regulaciones establecidas
Infomed: http://www.sld.cu/
--
https://mail.python.org/mailman/listinfo/python-list
Re: Can my python program send me a text message?
On 19/03/2019 19:33, Abdur-Rahmaan Janhangeer wrote: - 1) use pi with gsm module. or - 2) find some free sms api for python then use Slightly off-topic, but you (the OP) should be aware that carriers do not guarantee that texts will be delivered in a timely manner. In fact they don't guarantee to deliver the texts at all. We have had clients become very unhappy when confronted with the reality of that. -- Rhodri James *-* Kynesim Ltd -- https://mail.python.org/mailman/listinfo/python-list
Re: File not closed
On 2019-03-20, ast wrote:
> Hello
>
> In the following snippet, a file is opened but
> without any variable referring to it.
> So the file can't be closed.
>
> [line.split(":")[0]
> for line in open('/etc/passwd')
> if line.strip() and not line.startswith("#")]
>
> What do you think about this practice ?
If it's a short-lived program, then it will always get closed when the
program terminates. Otherwise, it will get (eventually) get closed
when the garbage collection system cleans up the orphan object.
For short, throw-away progams, that's fine. For long running servers,
it's bad style.
--
Grant Edwards grant.b.edwardsYow! Hmmm ... A hash-singer
at and a cross-eyed guy were
gmail.comSLEEPING on a deserted
island, when ...
--
https://mail.python.org/mailman/listinfo/python-list
RE: Can my python program send me a text message?
This is a very good point since I am already finding that the arrival of texts, and voice mail, seem to be irregular with respect to delivery times with my phone as it is. On the other hand, I was not thinking fourth dimensionally when I thought about using text mail for this project. Since I am planning to migrate this program into my phone eventually, I can just use the beep in the phone instead. When I get the transfer done, I can then think about how to get the phone to make the sounds. Still, Python-to-text messaging code is an interesting concept to explore should I want to use it the future. Footnote: 98% of lawyers give the other 2% a bad name. -Original Message- From: Python-list On Behalf Of Rhodri James Sent: Wednesday, March 20, 2019 9:20 AM To: [email protected] Subject: Re: Can my python program send me a text message? On 19/03/2019 19:33, Abdur-Rahmaan Janhangeer wrote: > - 1) use pi with gsm module. > or > - 2) find some free sms api for python then use Slightly off-topic, but you (the OP) should be aware that carriers do not guarantee that texts will be delivered in a timely manner. In fact they don't guarantee to deliver the texts at all. We have had clients become very unhappy when confronted with the reality of that. -- Rhodri James *-* Kynesim Ltd -- https://mail.python.org/mailman/listinfo/python-list -- https://mail.python.org/mailman/listinfo/python-list
Re: File not closed
On Thu, Mar 21, 2019 at 1:16 AM Grant Edwards wrote:
>
> On 2019-03-20, ast wrote:
> > Hello
> >
> > In the following snippet, a file is opened but
> > without any variable referring to it.
> > So the file can't be closed.
> >
> > [line.split(":")[0]
> > for line in open('/etc/passwd')
> > if line.strip() and not line.startswith("#")]
> >
> > What do you think about this practice ?
>
> If it's a short-lived program, then it will always get closed when the
> program terminates. Otherwise, it will get (eventually) get closed
> when the garbage collection system cleans up the orphan object.
>
> For short, throw-away progams, that's fine. For long running servers,
> it's bad style.
What Grant just said is the worst-case, btw. It'll often be closed
more promptly than that, but it's not guaranteed, unless you
explicitly call close() on the file, or (best recommendation) use it
in a 'with' block to ensure that it's closed when you exit.
ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
Determining latest stable version for download
Some time in the near future I will want to install the latest current stable version of python on a remote server. I anticipate that I will either use wget from the server shell or download to my workstation and transfer via FTP. I will need source to compile. I see python source at https://www.python.org/ftp/python/. How do I determine the following? 1) Latest current stable version of python 3* 2) Correct tarfile for linux - at this time I assume it will be linux centOS TIA -- Tim Johnson http://www.tj49.com -- https://mail.python.org/mailman/listinfo/python-list
Re: Can my python program send me a text message?
On 19/03/2019 18:23, Steve wrote: I have a program that triggers a reminder timer. When that timer is done, I would like to receive a text message on my phone to tell me that it is time to reset the experiment. Can this be done using Python? Steve Yes. After playing with assorted "free" systems I gave up being a cheapskate and got a paid account with a telephony as a service provider. -- https://mail.python.org/mailman/listinfo/python-list
Re: Determining latest stable version for download
1) https://www.python.org/downloads/ has release information. Based on that you would currently want 3.7.2. Make sure you actually download 3.7.2 and not 3.7.2rc1. 2) The tarfiles are not distro-specific. For Linux there are really only two options: Python-3.7.2.tar.xz and Python-3.7.2.tgz. The only difference is that one is compressed with xz and the other is compressed with gzip. Pick the .xz unless you're unable to decompress it. On Wed, Mar 20, 2019 at 12:43 PM Tim Johnson wrote: > Some time in the near future I will want to install the latest > current stable version of python on a remote server. I anticipate > that I will either use wget from the server shell or download to my > workstation and transfer via FTP. I will need source to compile. > > I see python source at https://www.python.org/ftp/python/. > > How do I determine the following? > 1) Latest current stable version of python 3* > 2) Correct tarfile for linux - at this time I assume it will be >linux centOS > > TIA > -- > Tim Johnson > http://www.tj49.com > -- > https://mail.python.org/mailman/listinfo/python-list > -- https://mail.python.org/mailman/listinfo/python-list
Re: Potential Security Bug
On Wed, Mar 20, 2019 at 5:14 AM Laish, Amit (GE Digital) wrote: > > Hello, > I’m Amit Laish, a security researcher from GE Digital. > During one of our assessments we discovered something that we consider a bug with security implications which can cause a denial of service by disk exhausting, and we would like to share it with you, and hear you opinion about it. This is a general discussion list. https://www.python.org/news/security/ documents how to report Python security bugs. Please send your report to the PSRT as described there. -- https://mail.python.org/mailman/listinfo/python-list
Re: File not closed
On 2019-03-20, ast wrote:
In the following snippet, a file is opened but
without any variable referring to it.
So the file can't be closed.
[line.split(":")[0]
for line in open('/etc/passwd')
if line.strip() and not line.startswith("#")]
What do you think about this practice ?
As others have agreed, the lack of close() is not good practice, even if
it is unlikely to reduce anyone to tears.
Two other points, if I may:
1 it is a fairly complex line, having been split into three. If it is
simplified into an explicit foreach-loop, then a file-handle becomes
necessary - and can be closed. NB The greatest benefit there lies in the
simplification/readability.
(not a reflection on you, but thinking of 'future-readers')
2 this (revealed snippet of) code will fail on a huge number of
machines. [insert comment about the superiority of Linux/the failings of
MS-Windows, here] Accordingly, it should be wrapped into a try...except
block. That being the case, by unwinding the foreach-loop (1) and adding
try...finally, it'll 'tick all your boxes'! There's also room for an
illuminating (and educational) "I can't do that Dave" errmsg...
(despite my also being a fan of context-managers, per previous advice!)
--
Regards =dn
--
https://mail.python.org/mailman/listinfo/python-list
Might be doing this wrong? (Turtle graphics)
So, I typed in code: from turtle import * forward(100) right(120) clear() It didn't work! It kept on saying that there was an indent and the first line was wrong. Help! -- https://mail.python.org/mailman/listinfo/python-list
Re: Might be doing this wrong? (Turtle graphics)
On Wednesday, March 20, 2019, at 7:34:53 PM UTC-4, CrazyVideoGamez wrote: > So, I typed in code: > from turtle import * > forward(100) > right(120) > clear() > It didn't work! It kept on saying that there was an indent and the first line > was wrong. Help! I'm a beginner by the way. -- https://mail.python.org/mailman/listinfo/python-list
Re: Might be doing this wrong? (Turtle graphics)
Jason, On 21/03/19 12:34 PM, [email protected] wrote: So, I typed in code: from turtle import * forward(100) right(120) clear() It didn't work! It kept on saying that there was an indent and the first line was wrong. Help! It would be most helpful if you gave us the exact error msg, in the same way that you copy-pasted the source-code. "Turtle" is not part of the Python 'core'. It has to be added from the Python Standard Library (PSL). My !GUESS! is that the Turtle library is not (yet) available on your system. Did you first "pip" or otherwise download the library? (I have, and the code works happily) WebRefs: (modify to suit the version of Python in-use) https://docs.python.org/3/installing/index.html?highlight=pip https://docs.python.org/3/library/turtle.html -- Regards =dn -- https://mail.python.org/mailman/listinfo/python-list
Re: Might be doing this wrong? (Turtle graphics)
On 2019-03-21 00:12, DL Neil wrote: Jason, On 21/03/19 12:34 PM, [email protected] wrote: So, I typed in code: from turtle import * forward(100) right(120) clear() It didn't work! It kept on saying that there was an indent and the first line was wrong. Help! It would be most helpful if you gave us the exact error msg, in the same way that you copy-pasted the source-code. "Turtle" is not part of the Python 'core'. It has to be added from the Python Standard Library (PSL). My !GUESS! is that the Turtle library is not (yet) available on your system. Did you first "pip" or otherwise download the library? (I have, and the code works happily) WebRefs: (modify to suit the version of Python in-use) https://docs.python.org/3/installing/index.html?highlight=pip https://docs.python.org/3/library/turtle.html It worked for me as written above (Python 3.7, Windows 10). -- https://mail.python.org/mailman/listinfo/python-list
Re: Determining latest stable version for download
* Ian Kelly [190320 12:00]: > 1) https://www.python.org/downloads/ has release information. Based on that > you would currently want 3.7.2. Make sure you actually download 3.7.2 and > not 3.7.2rc1. Understood. Thanks. Your info is the solution. > 2) The tarfiles are not distro-specific. For Linux there are really only > two options: Python-3.7.2.tar.xz and Python-3.7.2.tgz. The only difference > is that one is compressed with xz and the other is compressed with gzip. > Pick the .xz unless you're unable to decompress it. > On Wed, Mar 20, 2019 at 12:43 PM Tim Johnson wrote: > > > Some time in the near future I will want to install the latest > > current stable version of python on a remote server. I anticipate > > that I will either use wget from the server shell or download to my > > workstation and transfer via FTP. I will need source to compile. > > > > I see python source at https://www.python.org/ftp/python/. > > > > How do I determine the following? > > 1) Latest current stable version of python 3* > > 2) Correct tarfile for linux - at this time I assume it will be > >linux centOS > > > > TIA > > -- > > Tim Johnson > > http://www.tj49.com > > -- > > https://mail.python.org/mailman/listinfo/python-list > > > -- > https://mail.python.org/mailman/listinfo/python-list -- Tim Johnson http://www.tj49.com -- https://mail.python.org/mailman/listinfo/python-list
Re: I wrote a free book about TDD and clean architecture in Python
> On 20/03/19 7:18 AM, Leonardo Giordani wrote: > > Ha ha ha, yes I get it! =) I'm sorry, that depends entirely on the LeanPub > > processing chain (I believe, I'll have a look just to be sure). I hope the > > book will be useful even with this little issue. Thanks for reading it! DL Neil writes: > Yes, I'm happy reading from cover-to-cover. Unfortunately, not being able to > refer back to (say) the Mocks chapter, means it will be of little utility > (to me) in-future. For what it's worth, the epub version has chapter links that work fine. So maybe you could download the epub version, and use calibre's ebook-convert to make a mobi version? Nice book, Leonardo. I haven't finished part 2 yet, but part 1 inspired me to go write some new tests for some of my existing programs, and I'm planning to try test-first development for my next project. ...Akkana -- https://mail.python.org/mailman/listinfo/python-list
Re: Determining latest stable version for download
On 03/20/2019 07:10 PM, Tim Johnson wrote: > * Ian Kelly [190320 12:00]: >> 1) https://www.python.org/downloads/ has release information. Based on that >> you would currently want 3.7.2. Make sure you actually download 3.7.2 and >> not 3.7.2rc1. > Understood. Thanks. Your info is the solution. I always found maintaining software installed from tarball on a remote server was difficult at best. You mentioned it will be on CentOS. If you have CentOS 7, the EPEL repository (nearly required by all installations in my opinion), has a package for Python 3.6, called python36. The advantage there is that it will be updated with point releases and kept somewhat secure by your normal yum update process. Also you might check out RedHat's Software Collections at https://www.softwarecollections.org/en/. They have Python 3.6 in it, and I imagine 3.7 will be there soon. Software Collections might not work for you as it installs to /opt and stays out of the default path. It's more for developers who want to play with multiple versions of languages and compilers. -- https://mail.python.org/mailman/listinfo/python-list
Re: Might be doing this wrong? (Turtle graphics)
On 3/20/2019 7:34 PM, [email protected] wrote: So, I typed in code: from turtle import * forward(100) right(120) clear() It didn't work! It kept on saying that there was an indent and the first line was wrong. Help! that suggests that what you typed above is not what you ran. Did you run a file or enter interactively? Either way, copy and paste the exact input and the full traceback. -- Terry Jan Reedy -- https://mail.python.org/mailman/listinfo/python-list
