From: Oscar Benjamin
To: Chris Angelico
Cc: Python List
Newsgroups: comp.lang.python
Subject: Re: Yet another attempt at a safe eval() call
Date: Sat, 5 Jan 2013 16:17:16 +0000

On 5 January 2013 16:01, Chris Angelico wrote:
> On Sun, Jan 6, 2013 at 2:56 AM, Oscar Benjamin wrote:
>> On 4 January 2013 15:53, Grant Edwards wrote:
>>> On 2013-01-04, Steven D'Aprano wrote:
>>>> On Thu, 03 Jan 2013 23:25:51 +0000, Grant Edwards wrote:
>>>>
>>>> * But frankly, you should avoid eval, and write your own mini-integer
>>>>   arithmetic evaluator which avoids even the most remote possibility
>>>>   of exploit.
>>>
>>> That's obviously the "right" thing to do. I suppose I should figure
>>> out how to use the ast module.
>>
>> Someone has already created a module that does this called numexpr. Is
>> there some reason why you don't want to use that?
>>
>> >>> import numexpr
>> >>> numexpr.evaluate('2+4*5')
>> array(22, dtype=int32)
>> >>> numexpr.evaluate('2+a*5', {'a':4})
>> array(22L)
>
> Is that from PyPI? It's not in my Python 3.3 installation. Obvious
> reason not to use it: Unaware of it. :)

My apologies. I should have at least provided a link:
http://code.google.com/p/numexpr/

I installed it from the Ubuntu repo under the name python-numexpr. It
is also on PyPI:
http://pypi.python.org/pypi/numexpr

numexpr is a well established project intended primarily for memory
and cache efficient computations over large arrays of data. Possibly
as a side effect, it can also be used to evaluate simple algebraic
expressions involving ordinary scalar variables.

Oscar
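
An added illustration of the "mini-integer arithmetic evaluator" built on the ast module that the quoted text suggests. It is not code from anyone in this thread and not how numexpr works. The names safe_int_eval and UnsafeExpression and the limits MAX_LEN and MAX_BITS are assumptions made for the example.

```python
import ast
import operator

# Whitelist of operators; ** is left out on purpose (9**9**9 exhausts memory).
BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
          ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod}
UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200    # assumed cap on input length (also bounds recursion depth)
MAX_BITS = 256   # assumed cap on the size of any literal, variable or result


class UnsafeExpression(ValueError):
    """Raised for anything outside plain integer arithmetic."""


def _bounded(value):
    # type() check rather than isinstance(): bool is a subclass of int.
    if type(value) is not int or value.bit_length() > MAX_BITS:
        raise UnsafeExpression("non-integer or oversized value")
    return value


def _eval(node, names):
    # Walk the tree; every node type not listed here is refused by default.
    if isinstance(node, ast.Expression):
        return _eval(node.body, names)
    if isinstance(node, ast.Constant):
        return _bounded(node.value)
    if isinstance(node, ast.Name) and node.id in names:
        return _bounded(names[node.id])
    if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
        left, right = _eval(node.left, names), _eval(node.right, names)
        return _bounded(BINOPS[type(node.op)](left, right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARYOPS:
        return _bounded(UNARYOPS[type(node.op)](_eval(node.operand, names)))
    raise UnsafeExpression("disallowed syntax: " + type(node).__name__)


def safe_int_eval(expr, names=None):
    """Evaluate integer arithmetic without ever calling eval() or compile()."""
    if len(expr) > MAX_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")   # parses only, executes nothing
        return _eval(tree, dict(names or {}))
    except (SyntaxError, ValueError, ZeroDivisionError) as exc:
        if isinstance(exc, UnsafeExpression):
            raise
        raise UnsafeExpression(str(exc)) from exc
```

Calls, attribute access, subscripts, strings, floats and unknown names all fall through to the final raise, so the evaluator fails closed when the grammar gains new node types.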