[Biopython-dev] [Bug 2508] NCBIStandalone.blastall: provide support for '-F F' and make it safe
bugzilla-daemon at portal.open-bio.org
Thu Jun 5 12:56:21 UTC 2008
http://bugzilla.open-bio.org/show_bug.cgi?id=2508
------- Comment #2 from mmokrejs at ribosome.natur.cuni.cz 2008-06-05 08:56 EST -------
For the latter issue, I would go and use some Python library to escape shell
metacharacters. cgi.escape() doesn't do what I would like it to. Or cgi.wrap()?
Google search returned some hints:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/498202
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/66012
http://e-articles.info/e/a/title/Command-Injection/
https://bugs.gentoo.org/show_bug.cgi?id=187971#c5
https://bugs.gentoo.org/show_bug.cgi?id=187971#c23
http://mail.python.org/pipermail/python-3000/2007-May/007192.html
http://www.owasp.org/index.php/Interpreter_Injection
http://www.velocityreviews.com/forums/t352309-sql-escaping-module.html
One could learn or even use escaping functions from e.g. MySQLdb.escape()
or MySQLdb.connection.escape_string() but I don't think it is a complete
solution. I will try to think of it more later.
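An added example, not part of the original comment and not Biopython's own code: instead of escaping metacharacters, the blastall command can be built as an argument list and run without a shell, with `shlex.quote` used only when a shell string is unavoidable. The helper names and the sample file name are hypothetical; `-p`, `-d`, `-i` and `-F` are the legacy blastall switches.

```python
import shlex
import subprocess
import sys

# Hypothetical helpers for illustration; not Biopython's NCBIStandalone API.
ALLOWED_PROGRAMS = {"blastn", "blastp", "blastx", "tblastn", "tblastx"}


def build_blastall_argv(blastcmd, program, database, infile, filter_opt=None):
    """Build an argv list, so no shell ever parses the values."""
    if program not in ALLOWED_PROGRAMS:
        raise ValueError("unknown BLAST program: %r" % program)
    for name, value in (("database", database), ("infile", infile)):
        # A leading '-' would be read by blastall as another option.
        if not value or value.startswith("-") or "\0" in value:
            raise ValueError("unsafe %s value: %r" % (name, value))
    argv = [blastcmd, "-p", program, "-d", database, "-i", infile]
    if filter_opt is not None:
        # '-F F' is two argv elements: the switch and its value.
        argv += ["-F", filter_opt]
    return argv


def to_shell_string(argv):
    """Quote each element, for logging or when a shell string is unavoidable."""
    return " ".join(shlex.quote(arg) for arg in argv)


def args_seen_by_child(args):
    """Run a child process without a shell and report the arguments it got."""
    code = "import sys; print('\\n'.join(sys.argv[1:]))"
    result = subprocess.run([sys.executable, "-c", code] + list(args),
                            capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


# Constructed sample input: a file name carrying shell metacharacters.
HOSTILE_INFILE = "query.fa; echo INJECTED > marker"

if __name__ == "__main__":
    argv = build_blastall_argv("blastall", "blastn", "nt", HOSTILE_INFILE, "F")
    print(argv)
    print(to_shell_string(argv))
    # The child receives the hostile name as one argument, unchanged.
    print(args_seen_by_child(argv[1:]))
```

With the list form the file name reaches the child process as a single argument, so no escaping routine has to anticipate every metacharacter.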