Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provide a flag to open data packages with not safe paths?
See original GitHub issueOverview
We could allow to open data package with not safe paths if user explicitly choose it:
package = Package(descriptor, safe=False)
From @vitorbaptista
This is what I’m trying to do:
import datapackage
descriptor = {
'name': 'my-datapackage',
'resources': [
{
'name': 'data',
'path': '/tmp/my-data.csv'
}
]
}
dp = datapackage.Package(descriptor)
# *** tableschema.exceptions.DataPackageException: Local path "/tmp/my-data.csv" is not safe
Reading the helpers.is_safe_path() method:
Makes me think that what I’m trying to do isn’t possible anymore. Any known workarounds?
(cc @roll)
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:5 (4 by maintainers)
Top Results From Across the Web
How To Use the Flag Package in Go - DigitalOcean
Using the flag package involves three steps: First, define variables to capture flag values, then define the flags your Go application will use, ......
Read more >Reading flags from a file - LaunchDarkly docs
This topic explains how to run feature flags from a file when you're using a server-side SDK.
Read more >Security - Frictionless Standards
Security considerations around Data Packages and Data Resources ... Absolute paths are disallowed as they would open data exfiltration ...
Read more >Safe Streets and Roads for All (SS4A) Grant Program
The new Safe Streets and Roads for All (SS4A) discretionary program provides $5 billion in grants over the next 5 years to support...
Read more >How to Open a File and Not Get Hacked
No standard API that provides secure semantics ... Denial of Service after unlink, Uses untrusted data after create.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
It’s being released atm as
datapackage@1.13:This is also an issue for me, as I described in the unnecessary duplicate issue: https://github.com/frictionlessdata/datapackage-py/issues/261 Thanks @vitorbaptista for the mock workaround, I’ll copy it for now in my code.