-
Notifications
You must be signed in to change notification settings - Fork 108
Parenthesis converted by pprint
-
Affected Components : pprint
-
Operating System : Linux
-
Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x
-
Reproducible : Yes
import pprint
tup = ('ham', ('jam', ('cream', ('beam', ('ni', ('bread',('mushroom', ('raw meat',))))))))
stuff = ["a" * 10, tup, ['a' * 30, 'b' * 30], ['c' * 20, 'd' * 20]]
pprint.pprint(stuff)
'''
['aaaaaaaaaa', <---- PROBLEM as "a" is now 'a'
('ham',
('jam',
('cream',
('beam', ('ni', ('bread', ('mushroom', ('raw meat',)))))))),
['aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'],
['cccccccccccccccccccc', 'dddddddddddddddddddd']]
'''
# PROBLEM - pprint call will show that " is tranformed in '
pprint.pprint("abcd " * 6, width=15)
#'abcd abcd abcd abcd abcd abcd '
# This pprint behaves as expected
pprint.pprint('abcd ' * 6, width=15)
#'abcd abcd abcd abcd abcd abcd '
# PROBLEM - pprint call will show that " is tranformed in '
pprint.pprint(b"\x00\xff" * 10, width=15)
#b'\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff'
pprint.pprint(b'\x00\xff' * 10, width=15)
#b'\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff'To reproduce the problem copy the source code in a file and execute the script using the following command syntax:
$ python -OOBRtt test.pyAlternatively you can open python in interactive mode:
$ python -OOBRtt <press enter>Then copy the lines of code into the interpreter.
Executing the source code under python 2.6 or python 2.7 generates the following result:
['aaaaaaaaaa',
('ham',
('jam',
('cream',
('beam', ('ni', ('bread', ('mushroom', ('raw meat',)))))))),
['aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'],
['cccccccccccccccccccc', 'dddddddddddddddddddd']]
'abcd abcd abcd abcd abcd abcd '
'abcd abcd abcd abcd abcd abcd '
'\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff'
'\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff'
The problem is that pprint should use the parentesis specified in the code but this is not the case and all are converted to '.
This can be seen in this first example where "abcd " is transformed into 'abcd '.
pprint.pprint("abcd " * 6, width=15)
# PROBLEM as " is now '
# 'abcd abcd abcd abcd abcd abcd '
And same happens in next example where b"\x00\xff" is converted into b'\x00\xff'.
pprint.pprint(b"\x00\xff" * 10, width=15)
# PROBLEM as " is now '
#b'\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff\x00\xff'
We are not aware on any easy solution other than trying to avoid using 'pprint' in cases like the one examined.
[Python pprint][01] [01]:https://docs.python.org/2/library/pprint.html
[Python strings][02] [02]:https://docs.python.org/2.0/ref/strings.html
[Python bug 17530][03] [03]:http://bugs.python.org/issue17530
Main site: pythonsecurity.org
OWASP Page: owasp.org/index.php/OWASP_Python_Security_Project