[issue29670] argparse: does not respect required args pre-populated into namespace

2017-02-27 Thread Matthew Hall 

New submission from Matthew Hall:

I have some Python code which takes advantage of the ability to prepopulate the 
argparse Namespace before passing it to argparse. This allows me to read 
sensitive settings such as usernames and passwords from DBs, environment 
variables, etc. in addition to the CLI for security so they don't appear as 
process arguments anyone could see.

Some of these scripts have usernames and passwords as required arguments since 
they cannot function without them. Unfortunately you hit this bug when you load 
them into the namespace yourself from some secure place of your choice and then 
pass them in:

args = parser.parse_args(argv, namespace)

The following argparse code which doesn't respect that they were present 
already and throws a fatal error. In addition, the parse_known_args function is 
246 lines of code which uses ugly nested cheater functions, and the 
seen_actions variable is in the stack of the function not a member variable, so 
there is no way you can cleanly override or work around the behavior with a 
subclass, either by replacing the function (too massive) or by fixing up the 
seen_actions variable (can't get to it on the stack from outside).

So, I suggest that this code should to be fixed so that it will respect any 
existing values in the Namespace if they are present:

# make sure all required actions were present, and convert defaults.
for action in self._actions:
if action not in seen_actions:
if action.required:
name = _get_action_name(action)
self.error(_('argument %s is required') % name)

--
components: Library (Lib)
messages: 288667
nosy: mhcptg
priority: normal
severity: normal
status: open
title: argparse: does not respect required args pre-populated into namespace
type: behavior
versions: Python 2.7

___
Python tracker 
<http://bugs.python.org/issue29670>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15824] mutable urlparse return type

2014-11-05 Thread Matthew Hall 

Matthew Hall added the comment:

I don't think having to call a method with a weird secret underscored name to 
update a value in a URL named tuple is very elegant. Neither is creating a 
handful of pointless objects to make one simple validator function like the one 
I had to code today. I would urge some reconsideration of this, like a way to 
get back a named yet mutable object when needed, instead of trying to force 
everybody to do this one way which isn't always that great.

def validate_url(url):
parts = urlparse.urlparse(url.strip())
# scheme, netloc, path, params, query, fragment
# XXX: preserve backward compatibility w/ old code
if not parts.scheme:
parts = parts._replace(scheme='http', netloc=parts.path.strip('/'), 
path='')

# remove params, query, and fragment
# params is nearly never used anywhere
# (NOTE: it does NOT mean the stuff after '?')
# it actually means this http://domain/page.py;param1=foo?query1=bar
# query and fragment are used but aren't helpful for our application
parts = parts._replace(params='', query='', fragment='')

if parts.scheme not in URI_SCHEMES:
raise ValueError('scheme=%s is not valid' % parts.scheme)
if '.' not in parts.netloc:
raise ValueError('location=%s does not contain a domain' % parts.netloc)

if len(parts.path) and not parts.path.startswith('/'):
raise ValueError('path=%s appears invalid' % parts.path)
elif not parts.path:
parts=parts._replace(path='/')

validated_url = parts.geturl()
return validated_url, parts

--
nosy: +mhcptg

___
Python tracker 
<http://bugs.python.org/issue15824>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com