Path: csiph.com!usenet.pasdenom.info!gegeweb.org!newsfeed.kamp.net!newsfeed.kamp.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.002 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'example:': 0.03; 'url:pypi': 0.03; 'class,': 0.07; 'explicit': 0.07; 'subject:Question': 0.07; 'currently,': 0.09; 'if,': 0.09; 'namespace': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'subject:skip:a 10': 0.09; 'python': 0.11; 'ast': 0.16; 'definitions,': 0.16; 'dictionary),': 0.16; 'disallow': 0.16; 'expression.': 0.16; 'for,': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'syntax,': 0.16; 'wrote:': 0.18; 'module': 0.19; 'seems': 0.21; '>>>': 0.22; 'code,': 0.22; 'import': 0.22; 'header:User-Agent:1': 0.23; 'supported': 0.26; 'defined': 0.27; 'header:X-Complaints-To:1': 0.27; 'header:In- Reply-To:1': 0.27; 'function': 0.29; 'concern': 0.31; 'exceptions': 0.31; 'maintaining': 0.32; 'url:python': 0.33; 'skip:_ 10': 0.34; 'but': 0.35; 'there': 0.35; 'thanks': 0.36; 'url:org': 0.36; 'to:addr:python-list': 0.38; 'does': 0.39; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'skip:u 10': 0.60; 'flat': 0.60; 'most': 0.60; "you're": 0.61; 'email addr:gmail.com': 0.63; 'name': 0.63; 'protection': 0.63; 'skip:n 10': 0.64; 'relatively': 0.65; 'worth': 0.66; 'biggest': 0.67; 'frank': 0.68; 'useful.': 0.68; 'safe': 0.72; 'guaranteed': 0.75; 'attacks.': 0.84; 'calculations': 0.84; 'exposing': 0.91; 'notable': 0.91; 'walking': 0.91 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Frank Millman Subject: Re: Question about ast.literal_eval Date: Tue, 21 May 2013 07:54:28 +0200 References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: 197.87.30.233 User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 29 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1369115684 news.xs4all.nl 15991 [2001:888:2000:d::a6]:39184 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:45644 On 21/05/2013 04:39, matt.newville@gmail.com wrote: > > You might find the asteval module (https://pypi.python.org/pypi/asteval) useful. It provides a relatively safe "eval", for example: > > >>> import asteval > >>> a = asteval.Interpreter() > >>> a.eval('x = "abc"') > >>> a.eval('x in ("abc", "xyz")') > True > >>> a.eval('import os') > NotImplementedError > import os > 'Import' not supported > >>> a.eval('__import__("os")') > NameError > __import__("os") > name '__import__' is not defined > > This works by maintaining an internal namespace (a flat dictionary), and walking the AST generated for the expression. It supports most Python syntax, > including if, for, while, and try/except blocks, and function definitions, and with the notable exceptions of eval, exec, class, lambda, yield, and import. This requires Python2.6 and higher, and does work with Python3.3. > > Of course, it is not guaranteed to be completely safe, but it does disallow imports, which seems like the biggest vulnerability concern listed here. Currently, there is no explicit protection against long-running calculations for denial of service attacks. If you're exposing an SQL database to user-generated code, that may be worth considering. Thanks for this, Matt. I will definitely look into it. Frank