[Biopython-dev] [Bug 2508] NCBIStandalone.blastall: provide support for '-F F' and make it safe

bugzilla-daemon at portal.open-bio.org bugzilla-daemon at portal.open-bio.org
Thu Jun 5 12:56:21 UTC 2008


http://bugzilla.open-bio.org/show_bug.cgi?id=2508





------- Comment #2 from mmokrejs at ribosome.natur.cuni.cz  2008-06-05 08:56 EST -------
For the latter issue, I would go and use some Python library to escape shell
metacharacters. cgi.escape() doesn't do what I would like it to. Or cgi.wrap()?
Google search returned some hints:

http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/498202
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/66012
http://e-articles.info/e/a/title/Command-Injection/
https://bugs.gentoo.org/show_bug.cgi?id=187971#c5
https://bugs.gentoo.org/show_bug.cgi?id=187971#c23
http://mail.python.org/pipermail/python-3000/2007-May/007192.html
http://www.owasp.org/index.php/Interpreter_Injection
http://www.velocityreviews.com/forums/t352309-sql-escaping-module.html


One could learn or even use escaping functions from e.g. MySQLdb.escape()
or MySQLdb.connection.escape_string() but I don't think it is a complete
solution. I will try to think of it more later.


-- 
Configure bugmail: http://bugzilla.open-bio.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
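
The shell-metacharacter concern raised in the comment above, as an added example that is not part of the original message or of Biopython's code. It assumes a POSIX shell and Python 3.7+; `ECHO_ARGV` is a constructed stand-in for the `blastall` binary that prints the arguments it receives, and `build_args`, `run_unsafe`, `run_quoted` and `run_list` are hypothetical helper names.

```python
import shlex
import subprocess
import sys

# Constructed stand-in for blastall (assumption): a child process that prints
# every argument it received, one per line, so the effect of quoting is visible.
ECHO_ARGV = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def build_args(program, database, infile, filter_value="F"):
    """Return blastall-style options as a list; reject option-like values."""
    for value in (database, infile):
        if value.startswith("-"):
            # Quoting does not stop a value from being parsed as another option.
            raise ValueError("value must not start with '-': %r" % value)
    return ["-p", program, "-d", database, "-i", infile, "-F", filter_value]


def _lines(proc):
    return proc.stdout.splitlines()


def run_unsafe(args):
    """Join values into one string for /bin/sh: metacharacters are interpreted."""
    cmd = " ".join(shlex.quote(a) for a in ECHO_ARGV) + " " + " ".join(args)
    return _lines(subprocess.run(cmd, shell=True, capture_output=True, text=True))


def run_quoted(args):
    """Still goes through the shell, but every value is quoted with shlex.quote."""
    cmd = " ".join(shlex.quote(a) for a in ECHO_ARGV + args)
    return _lines(subprocess.run(cmd, shell=True, capture_output=True, text=True))


def run_list(args):
    """No shell at all: the argument list is passed to the child unchanged."""
    return _lines(subprocess.run(ECHO_ARGV + args, capture_output=True, text=True))


if __name__ == "__main__":
    # Constructed, harmless input: a database name carrying a shell separator.
    args = build_args("blastn", "nr; echo INJECTED", "query.fasta")
    print("unsafe:", run_unsafe(args))   # the shell runs a second command
    print("quoted:", run_quoted(args))   # child sees the value as one argument
    print("list:  ", run_list(args))     # same result, no quoting needed
```

Passing a list without a shell removes the need for an escaping function; quoting matters only when a command string is unavoidable.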


