-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open and load --code file and arguments in C++ #60134
base: master
Are you sure you want to change the base?
Conversation
@btzy when we introduced @btzy If you need arguments valid only in the context of the |
No strong opinion. What would be the reason to not make it also available for other python code than |
@domi4484 I misunderstood the help string of |
I'm not sure how to trigger the automatic Windows build that other PRs have; can someone help me get the GitHub Action to run? |
Separately, I made #60183 to fix the grammar error in the help, which was what originally misled me to think that |
ef2a7f6
to
20e2318
Compare
🪟 Windows buildsDownload Windows builds of this PR for testing. 🪟 Windows Qt6 buildsDownload Windows Qt6 builds of this PR for testing. |
64c5dda
to
1f44ac4
Compare
@agiudiceandrea @domi4484 I've tested that the Windows build works:
There is an unrelated test failing, but I see that it is marked as "unstable": https://cdash.orfeo-toolbox.org/viewTest.php?buildid=28319 |
Description
I took a stab at #60120 to see if we can design a better alternative to #60121.
Instead of doing string substitution into Python code, we use the proper Python C API functions to assign to
sys.argv
and execute a Python script from a file. This avoids the issues that arise due to improper escaping of strings (e.g.'
and\
). Unix file names in particular may contain any non-null character (including non-printable characters), and trying to escape such characters manually would otherwise be difficult to get right. String substitution is also possibly vulnerable to code injection attacks, as it is possible to carefully craft a string containing code that will be executed.There was a hack that converts Windows-style directory separators to Unix-style directory separators. This is no longer necessary, and therefore has been removed.
Note that this PR changes the behaviour when
--py-args
is specified without--code
. Previously, we would setsys.argv
to the arguments given, but with this PR we do not do that. As far as I can tell,--py-args
is meant to be used with--code
, and therefore the former was unintended.Fixes #60120.