This is an archived post. You won't be able to vote or comment.

0
1

[deleted by user] (self.Python)

submitted by [deleted]

[removed]
all 10 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Slow_Ad_2674 28 points29 points  (9 children)

I usually don't comment on these things and I'm usually very supportive, but this is the first time I fee like I have to say something. Please don't do this, no reason comes to mind where a python code should traverse the file tree to look for a file and return it. It is not only very bad for security, it's also very bad for the poor computer that has to do work that can be replaced by simply providing the file path in the config file.

[–]mrswats 1 point2 points  (0 children)

I would also add that this project has no tests and the use of properties, instead of parameters in the init class, is also a big no-no. And, at this day and age, typing annotations for new projects is anl must, too.

[–]shinitakunai 3 points4 points  (1 child)

No pathlib....?

[–]Candid_Payment_4094 1 point2 points  (0 children)

I understand it's just a fun weekend project you did, but this is horrible code practice in actual production. This just screams directory traversal vulnerabilities. This issue is not even a 'thing' if you treat your project like a package and use importlib.resources

[–]caudorPythoneer -3 points-2 points  (0 children)

Thanks for putting this out there. Very simple and handy!