Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!novia!news-out.readnews.com!transit3.readnews.com!panix!not-for-mail From: Grant Edwards Newsgroups: comp.lang.python Subject: Yet another attempt at a safe eval() call Date: Thu, 3 Jan 2013 23:25:51 +0000 (UTC) Organization: PANIX Public Access Internet and UNIX, NYC Lines: 26 Message-ID: NNTP-Posting-Host: dsl.comtrol.com X-Trace: reader1.panix.com 1357255551 3524 64.122.56.22 (3 Jan 2013 23:25:51 GMT) X-Complaints-To: abuse@panix.com NNTP-Posting-Date: Thu, 3 Jan 2013 23:25:51 +0000 (UTC) User-Agent: slrn/pre1.0.0-18 (Linux) Xref: csiph.com comp.lang.python:36088 I've written a small assembler in Python 2.[67], and it needs to evaluate integer-valued arithmetic expressions in the context of a symbol table that defines integer values for a set of names. The "right" thing is probably an expression parser/evaluator using ast, but it looked like that would take more code that the rest of the assembler combined, and I've got other higher-priority tasks to get back to. How badly am I deluding myself with the code below? def lessDangerousEval(expr): global symbolTable if 'import' in expr: raise ParseError("operand expressions are not allowed to contain the string 'import'") globals = {'__builtins__': None} locals = symbolTable return eval(expr, globals, locals) I can guarantee that symbolTable is a dict that maps a set of string symbol names to integer values. -- Grant Edwards grant.b.edwards Yow! -- I have seen the at FUN -- gmail.com