Shell quoting as part of the standard library?

D

David M. Wilson

Hello fellow users!

I've been using Python in a couple of different environments for a few
years now. I have quite often found that I have needed to deal with
filenames which may contain characters that confuse the UNIX shell
(space and double quote in particular).

Quite a while ago I came up with two simple functions which allowed me
to safely build a shell command line quickly. I've used the functions
hundreds of times by now, and find myself constantly cut/pasting them
into new projects. It is very likely that someone other than myself
would find these functions to be useful, and I was wondering if such a
thing might find a home in the standard library.

http://botanicus.net/dw/tmp/shellquote.py

Does this sort of thing have a home in the standard library? It
doesn't really apply across platforms, which is my only real concern.
Where should it be added to? shutil?

If you are thinking of commenting on the way shell_quote_string always
quotes, regardless of whether it is needed, please don't. If it acted
in a more human-friendly manner then it would be called
shell_friendly_quote_string, or something even more insane than that.
:)

Thanks,


David.
 
P

Peter Otten

David said:
I've been using Python in a couple of different environments for a few
years now. I have quite often found that I have needed to deal with
filenames which may contain characters that confuse the UNIX shell
(space and double quote in particular).

Quite a while ago I came up with two simple functions which allowed me
to safely build a shell command line quickly. I've used the functions
hundreds of times by now, and find myself constantly cut/pasting them
into new projects. It is very likely that someone other than myself
would find these functions to be useful, and I was wondering if such a
thing might find a home in the standard library.

http://botanicus.net/dw/tmp/shellquote.py

Does this sort of thing have a home in the standard library? It
doesn't really apply across platforms, which is my only real concern.
Where should it be added to? shutil?
' "one\'s own \\$"'

So something very similar for argument preparation is already there. The
joining, as far as I know, currently has to be done manually:
"".join([mkarg(a) for a in ["a a", "$'"]])
' \'a a\' "\\$\'"'

Peter
 
F

Francis Avila

David M. Wilson wrote in message
Hello fellow users!

I've been using Python in a couple of different environments for a few
years now. I have quite often found that I have needed to deal with
filenames which may contain characters that confuse the UNIX shell
(space and double quote in particular).

Isn't this the more general problem of escaping shell metachars in
user-supplied input?

Why don't you just let the shell deal with it?

$ cat > do_st_evil
#! /bin/sh
echo "Gotcha!"
^D
$ chmod u+x do_st_evil
$ python
Python 2.2.1 (#1, Apr 21 2002, 08:38:44)
[GCC 2.95.4 20011002 (Debian prerelease)] on linux2
Type "help", "copyright", "credits" or "license" for more information
import os
badness = '$(./do_st_evil)'
os.popen('echo '+badness).read() 'Gotcha!\n'
os.environ['shellvar'] = badness
os.popen('echo $shellvar').read()
'$(./do_st_evil)\n'
 
D

David M. Wilson

Peter Otten said:
' "one\'s own \\$"'

I don't get it. I just don't get it. I'm really starting to doubt I
have any initiative whatsoever. :)

Ok, yet another mystery "why hasn't python got that" solved. Thanks!


David.
 
O

Oren Tirosh

Hello fellow users!

I've been using Python in a couple of different environments for a few
years now. I have quite often found that I have needed to deal with
filenames which may contain characters that confuse the UNIX shell
(space and double quote in particular).

The best solution is often to bypass the shell (os.system) and execute
the external command you want directly with os.spawnv. In this case the
arguments are passed as a list of strings rather than a space-separated
string and therefore need no quoting.

Oren
 
D

David M. Wilson

Francis Avila said:
Why don't you just let the shell deal with it?

...

That is a very simple solution I have never seen used before. However,
it does not solve my original problem. The solution as I have now been
educated, is mkarg() from the commands module.

Thanks,


David.
 
D

David M. Wilson

Oren Tirosh said:
The best solution is often to bypass the shell (os.system) and execute
the external command you want directly with os.spawnv. In this case the
arguments are passed as a list of strings rather than a space-separated
string and therefore need no quoting.

That would be a fine solution, except again it does not solve my
problem. In the latest application of shell quoting, I needed to
insert filenames into a shell excerpt provided by a user who is
knowledgeable in shell.

They could write, for instance:

process_app %(input_filename) || something %(blah)
[ -s %(output_filename) ] && ...


But it would be above them to express that in Python, so bypassing the
shell is not an option. Thanks,


David.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top