
Re: Yet another attempt at a safe eval() call

Date Sat, 5 Jan 2013 15:56:31 +0000
Subject Re: Yet another attempt at a safe eval() call
From Oscar Benjamin <oscar.j.benjamin@gmail.com>
To Python List <python-list@python.org>
Newsgroups comp.lang.python
Message-ID <mailman.126.1357401393.2939.python-list@python.org> (permalink)


On 4 January 2013 15:53, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2013-01-04, Steven D'Aprano <steve+comp.lang.python@pearwood.info> wrote:
>> On Thu, 03 Jan 2013 23:25:51 +0000, Grant Edwards wrote:
>>
>> * But frankly, you should avoid eval, and write your own mini-integer
>>   arithmetic evaluator which avoids even the most remote possibility
>>   of exploit.
>
> That's obviously the "right" thing to do.  I suppose I should figure
> out how to use the ast module.

Someone has already created a module that does this called numexpr. Is
there some reason why you don't want to use that?

>>> import numexpr
>>> numexpr.evaluate('2+4*5')
array(22, dtype=int32)
>>> numexpr.evaluate('2+a*5', {'a':4})
array(22L)


Oscar
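
The mini integer-arithmetic evaluator built on the ast module that the quoted messages describe, as an added example (not code from this post, the thread, or numexpr). The names safe_int_eval and rejected and the limits MAX_LEN and MAX_BITS are assumptions made for illustration.

```python
import ast
import operator

# Whitelist: any node or operator type not named here is rejected.
BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
          ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod}
UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_LEN = 200    # assumed cap on input length (also bounds recursion depth)
MAX_BITS = 256   # assumed cap on the size of every value


def _int(value):
    # type() rather than isinstance(): bool is a subclass of int.
    if type(value) is not int or value.bit_length() > MAX_BITS:
        raise ValueError("not an integer within the size limit")
    return value


def _walk(node, names):
    if isinstance(node, ast.Constant):
        return _int(node.value)
    if isinstance(node, ast.Name) and node.id in names:
        return _int(names[node.id])
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARYOPS:
        return _int(UNARYOPS[type(node.op)](_walk(node.operand, names)))
    if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
        left, right = _walk(node.left, names), _walk(node.right, names)
        try:
            return _int(BINOPS[type(node.op)](left, right))
        except ZeroDivisionError:
            raise ValueError("division by zero") from None
    # Calls, attribute access, subscripts, power, unknown names, ... end here.
    raise ValueError("disallowed syntax: " + type(node).__name__)


def safe_int_eval(expr, names=None):
    """Evaluate an integer arithmetic expression without calling eval()."""
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, RecursionError, MemoryError) as exc:
        raise ValueError("not a valid expression") from exc
    return _walk(tree.body, names or {})


def rejected(expr, names=None):
    """Return True if the evaluator refuses the (constructed) input."""
    try:
        safe_int_eval(expr, names)
    except ValueError:
        return True
    return False
```

The tree is walked and computed directly, so nothing is ever handed to eval() or compile(); the size and length caps keep a short expression from consuming unbounded memory or time.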



Thread

Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-03 23:25 +0000
  Re: Yet another attempt at a safe eval() call Tim Chase <python.list@tim.thechases.com> - 2013-01-03 19:11 -0600
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 02:34 +0000
  Re: Yet another attempt at a safe eval() call Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-01-04 07:47 +0000
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 15:53 +0000
      Re: Yet another attempt at a safe eval() call Michael Torrie <torriem@gmail.com> - 2013-01-04 09:05 -0700
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 16:16 +0000
      Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-05 15:56 +0000
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-06 15:12 +0000
          Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-07 00:08 +0000
      Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-06 03:01 +1100
      Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-05 16:17 +0000
        Re: Yet another attempt at a safe eval() call matt.newville@gmail.com - 2013-01-05 08:40 -0800
        Re: Yet another attempt at a safe eval() call matt.newville@gmail.com - 2013-01-05 08:40 -0800
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 16:38 +0000
      Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 03:51 +1100
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 17:14 +0000
          Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 04:21 +1100
            Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 18:09 +0000
              Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 05:23 +1100
                Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 18:43 +0000
                Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 06:02 +1100
  Re: Yet another attempt at a safe eval() call Chris Rebert <clp2@rebertia.com> - 2013-01-03 23:50 -0800
  Re: Yet another attempt at a safe eval() call Terry Reedy <tjreedy@udel.edu> - 2013-01-04 07:24 -0500
    Re: Yet another attempt at a safe eval() call Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-01-04 13:33 +0000
      Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 15:59 +0000
      Re: Yet another attempt at a safe eval() call Alister <alister.ware@ntlworld.com> - 2013-01-04 18:13 +0000
