Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'url:pypi': 0.03; 'cache': 0.05; 'that?': 0.05; 'expressions': 0.07; 'suppose': 0.07; 'variables.': 0.07; 'python': 0.09; 'ast': 0.09; 'imports': 0.09; 'namespace': 0.09; 'to:addr:comp.lang.python': 0.09; 'url:github': 0.09; 'cc:addr:python-list': 0.10; '"right"': 0.16; '--matt': 0.16; 'accidental': 0.16; 'benjamin': 0.16; 'cc:name:python list': 0.16; 'effect,': 0.16; 'evaluating': 0.16; 'exploits': 0.16; 'general.': 0.16; 'nodes': 0.16; 'pypi?': 0.16; 'syntax.': 0.16; 'wrote:': 0.17; 'fix': 0.17; 'thu,': 0.17; 'jan': 0.18; 'obviously': 0.18; '>>>': 0.18; 'memory': 0.18; 'module': 0.19; 'code.': 0.20; 'bit': 0.21; 'import': 0.21; 'do.': 0.21; 'fairly': 0.21; "i'd": 0.22; 'installed': 0.23; 'cc:2**1': 0.24; 'least': 0.25; 'cc:addr:python.org': 0.25; 'header:In-Reply-To:1': 0.25; 'header:User-Agent:1': 0.26; 'am,': 0.27; 'cc:addr:gmail.com': 0.27; 'possibility': 0.27; 'possibly': 0.27; 'prevent': 0.27; 'module.': 0.27; 'primarily': 0.27; 'chris': 0.28; '>>>>': 0.29; 'arithmetic': 0.29; 'arrays': 0.29; "d'aprano": 0.29; 'steven': 0.29; 'url:code': 0.29; 'figure': 0.30; 'url:python': 0.32; 'ubuntu': 0.33; 'anyone': 0.33; 'another': 0.33; 'that,': 0.34; 'received:google.com': 0.34; 'project': 0.34; 'involving': 0.35; 'remote': 0.35; 'received:209.85': 0.35; 'there': 0.35; 'created': 0.36; 'but': 0.36; 'url:org': 0.36; 'data.': 0.36; 'should': 0.36; 'problems': 0.36; 'supporting': 0.37; 'does': 0.37; 'uses': 0.37; 'being': 0.37; 'why': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'called': 0.39; 'your': 0.60; 'claim': 0.60; 'from:no real name:2**0': 0.60; 'most': 0.61; 'side': 0.61; 'evaluate': 0.62; 'safe': 0.63; 'url:p': 0.63; 'more': 0.63; 'within': 0.64; 'url:0': 0.67; 'obvious': 0.71; 'link:': 0.75; '2013': 0.84; 'alternative.': 0.84; 'malicious': 0.84; 'oscar': 0.84; 'unaware': 0.84; 'edwards': 0.91; 'safer': 0.91 Newsgroups: comp.lang.python Date: Sat, 5 Jan 2013 08:40:34 -0800 (PST) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=8.20.115.34; posting-account=9ZEQfQoAAABspi7JCv5jdcDZfN8CaWyj References: <50e6891c$0$30003$c3e8da3$5496439d@news.astraweb.com> User-Agent: G2/1.0 X-Google-Web-Client: true X-Google-IP: 8.20.115.34 MIME-Version: 1.0 Subject: Re: Yet another attempt at a safe eval() call From: matt.newville@gmail.com To: comp.lang.python@googlegroups.com Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Python List X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Message-ID: Lines: 98 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1357404044 news.xs4all.nl 6946 [2001:888:2000:d::a6]:41878 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:36195 On Saturday, January 5, 2013 8:17:16 AM UTC-8, Oscar Benjamin wrote: > On 5 January 2013 16:01, Chris Angelico wrote: >=20 > > On Sun, Jan 6, 2013 at 2:56 AM, Oscar Benjamin >=20 > > wrote: >=20 > >> On 4 January 2013 15:53, Grant Edwards wrote= : >=20 > >>> On 2013-01-04, Steven D'Aprano = wrote: >=20 > >>>> On Thu, 03 Jan 2013 23:25:51 +0000, Grant Edwards wrote: >=20 > >>>> >=20 > >>>> * But frankly, you should avoid eval, and write your own mini-intege= r >=20 > >>>> arithmetic evaluator which avoids even the most remote possibility >=20 > >>>> of exploit. >=20 > >>> >=20 > >>> That's obviously the "right" thing to do. I suppose I should figure >=20 > >>> out how to use the ast module. >=20 > >> >=20 > >> Someone has already created a module that does this called numexpr. Is >=20 > >> there some reason why you don't want to use that? >=20 > >> >=20 > >>>>> import numexpr >=20 > >>>>> numexpr.evaluate('2+4*5') >=20 > >> array(22, dtype=3Dint32) >=20 > >>>>> numexpr.evaluate('2+a*5', {'a':4}) >=20 > >> array(22L) >=20 > > >=20 > > Is that from PyPI? It's not in my Python 3.3 installation. Obvious >=20 > > reason not to use it: Unaware of it. :) >=20 >=20 >=20 > My apologies. I should have at least provided a link: >=20 > http://code.google.com/p/numexpr/ >=20 >=20 >=20 > I installed it from the ubuntu repo under the name python-numexpr. It >=20 > is also on PyPI: >=20 > http://pypi.python.org/pypi/numexpr >=20 >=20 >=20 > numexpr is a well established project intended primarily for memory >=20 > and cache efficient computations over large arrays of data. Possibly >=20 > as a side effect, it can also be used to evaluate simple algebraic >=20 > expressions involving ordinary scalar variables. >=20 >=20 >=20 >=20 >=20 > Oscar The asteval module http://pypi.python.org/pypi/asteval/0.9 and http://newville.github.com/asteval/ might be another alternative. It's no= t as fast as numexpr, but a bit more general. It uses the ast module to "co= mpile" an expression into the AST, then walks through that, intercepting Na= me nodes and using a flat namespace of variables. It disallows imports and= does not support all python constructs, but it is a fairly complete in sup= porting python syntax. It makes no claim at actually being safe from malicious attack, but should = be safer than a straight eval(), and prevent accidental problems when evalu= ating user-input as code. If anyone can find exploits within it, I'd be ha= ppy to try to fix them. --Matt