Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #45645
| From | Frank Millman <frank@chagford.com> |
|---|---|
| Subject | Re: Question about ast.literal_eval |
| Date | 2013-05-21 08:30 +0200 |
| References | (2 earlier) <knckj0$cft$1@ger.gmane.org> <CAPTjJmpb073XFH5ksNhzRyAJNSJF=6WNq5pGzed4PXqBrJBN=A@mail.gmail.com> <knclk6$lva$1@ger.gmane.org> <mailman.1888.1369056365.3114.python-list@python.org> <519a4b6a$0$29997$c3e8da3$5496439d@news.astraweb.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1905.1369117820.3114.python-list@python.org> (permalink) |
On 20/05/2013 18:12, Steven D'Aprano wrote:
> On Mon, 20 May 2013 15:26:02 +0200, Frank Millman wrote:
>
>> Can anyone see anything wrong with the following approach. I have not
>> definitely decided to do it this way, but I have been experimenting and
>> it seems to work.
>>
[...]
>
> It seems safe to me too, but then any fool can come up with a system
> which they themselves cannot break :-)
>
Thanks for the detailed response.
> I think the real worry is validating the column name. That will be
> critical.
I would not pass the actual column name to eval(), I would use it to
retrieve a value from a data object and pass that to eval(). However,
then your point becomes 'validating the value retrieved'. I had not
thought about that. I will investigate further.
> Personally, I would strongly suggest writing your own mini-
> evaluator that walks the list and evaluates it by hand. It isn't as
> convenient as just calling eval, but *definitely* safer.
>
I am not sure I can wrap my mind around mixed 'and's, 'or's, and brackets.
[Thinking aloud]
Maybe I can manually reduce each internal test to a True or False,
substitute them in the list, and then call eval() on the result.
eval('(True and False) or (False or True)')
I will experiment with that.
> If you do call eval, make sure you supply the globals and locals
> arguments. The usual way is:
>
> eval(expression, {'__builtins__': None}, {})
>
> which gives you an empty locals() and a minimal, (mostly) safe globals.
>
Thanks - I did not know about that.
> Finally, as a "belt-and-braces" approach, I wouldn't even call eval
> directly, but call a thin wrapper that raises an exception if the
> expression contains an underscore. Underscores are usually the key to
> breaking eval, so refusing to evaluate anything with an underscore raises
> the barrier very high.
>
> And even with all those defences, I wouldn't allow untrusted data from
> the Internet anywhere near this. Just because I can't break it, doesn't
> mean it's safe.
>
All good advice - much appreciated.
Frank
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Re: Question about ast.literal_eval Frank Millman <frank@chagford.com> - 2013-05-20 15:26 +0200
Re: Question about ast.literal_eval Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-05-20 16:12 +0000
Re: Question about ast.literal_eval Chris Angelico <rosuav@gmail.com> - 2013-05-21 02:23 +1000
Re: Question about ast.literal_eval Frank Millman <frank@chagford.com> - 2013-05-21 08:30 +0200
Re: Question about ast.literal_eval Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-05-21 07:21 +0000
Re: Question about ast.literal_eval Frank Millman <frank@chagford.com> - 2013-05-21 10:06 +0200
Re: Question about ast.literal_eval Fábio Santos <fabiosantosart@gmail.com> - 2013-05-21 09:23 +0100
Re: Question about ast.literal_eval Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-05-21 10:00 +0100
csiph-web