
Re: Yet another attempt at a safe eval() call

Date Mon, 7 Jan 2013 00:08:07 +0000
Subject Re: Yet another attempt at a safe eval() call
From Oscar Benjamin <oscar.j.benjamin@gmail.com>
To Python List <python-list@python.org>
Newsgroups comp.lang.python
Message-ID <mailman.200.1357517295.2939.python-list@python.org>


On 6 January 2013 15:12, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2013-01-05, Oscar Benjamin <oscar.j.benjamin@gmail.com> wrote:
>> On 4 January 2013 15:53, Grant Edwards <invalid@invalid.invalid> wrote:
>>> On 2013-01-04, Steven D'Aprano <steve+comp.lang.python@pearwood.info> wrote:
>>>> On Thu, 03 Jan 2013 23:25:51 +0000, Grant Edwards wrote:
>>>>
>>>> * But frankly, you should avoid eval, and write your own mini-integer
>>>>   arithmetic evaluator which avoids even the most remote possibility
>>>>   of exploit.
>>>
>>> That's obviously the "right" thing to do.  I suppose I should figure
>>> out how to use the ast module.
>>
>> Someone has already created a module that does this called numexpr. Is
>> there some reason why you don't want to use that?
>
> 1) I didn't know about it, and my Googling didn't find it.
>
> 2) It's not part of the standard library, and my program needs to be
>    distributed as a single source file.

That's an unfortunate restriction. It also won't be possible to reuse
the code from numexpr (for technical rather than legal reasons).
Perhaps asteval will be more helpful in that sense.

Otherwise presumably the shunting-yard algorithm comes out a little
nicer in Python than in C (it would be useful if something like this
were available on PyPI as a pure Python module):
http://en.wikipedia.org/wiki/Shunting_yard_algorithm#C_example


Oscar
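
The kind of mini integer-arithmetic evaluator recommended in this thread as a replacement for eval(), written with a two-stack form of the shunting-yard algorithm that fits in a single source file. This is an added example, not part of the message above or any poster's code; the name `safe_int_eval`, the operator set and the `MAX_LEN` cap are assumptions.

```python
import operator
import re

# symbol -> (precedence, right_assoc, arity, function); "neg" is unary minus.
# "**" is left out on purpose: exponent towers make result size unbounded.
OPS = {
    "+": (1, False, 2, operator.add),
    "-": (1, False, 2, operator.sub),
    "*": (2, False, 2, operator.mul),
    "/": (2, False, 2, operator.floordiv),  # integer (floor) division
    "neg": (3, True, 1, operator.neg),
}
TOKEN = re.compile(r"\s*(?:(\d+)|(.))")  # a run of digits, or any single character
MAX_LEN = 200  # assumed cap on input length

def _apply(op, out):
    arity, fn = OPS[op][2:]
    out[-arity:] = [fn(*out[-arity:])]  # replace the operands with the result

def safe_int_eval(text):
    if len(text) > MAX_LEN:
        raise ValueError("expression too long")
    out, stack, want_operand = [], [], True  # values, pending operators, parser state
    for num, sym in TOKEN.findall(text.strip()):
        if sym == "-" and want_operand:
            sym = "neg"
        starts_operand = bool(num) or sym in ("(", "neg")
        if starts_operand != want_operand or not (num or sym in OPS or sym in ("(", ")")):
            raise ValueError("unexpected token %r" % (num or sym))
        if num:
            out.append(int(num))
            want_operand = False
        elif sym == "(":
            stack.append(sym)
        else:
            prec, right = OPS.get(sym, (0, False))[:2]  # ")" pops down to "("
            while stack and stack[-1] != "(" and (
                    OPS[stack[-1]][0] > prec or (OPS[stack[-1]][0] == prec and not right)):
                _apply(stack.pop(), out)
            if sym != ")":
                stack.append(sym)
                want_operand = True
            elif not stack or stack.pop() != "(":
                raise ValueError("unbalanced ')'")
    if want_operand or "(" in stack:
        raise ValueError("incomplete expression")
    while stack:
        _apply(stack.pop(), out)
    return out[0]
```

Only digits, the four operators and parentheses are ever interpreted, so names, attribute access and calls are rejected at the first token; division by zero still raises `ZeroDivisionError` for the caller to handle.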



Thread

Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-03 23:25 +0000
  Re: Yet another attempt at a safe eval() call Tim Chase <python.list@tim.thechases.com> - 2013-01-03 19:11 -0600
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 02:34 +0000
  Re: Yet another attempt at a safe eval() call Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-01-04 07:47 +0000
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 15:53 +0000
      Re: Yet another attempt at a safe eval() call Michael Torrie <torriem@gmail.com> - 2013-01-04 09:05 -0700
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 16:16 +0000
      Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-05 15:56 +0000
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-06 15:12 +0000
          Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-07 00:08 +0000
      Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-06 03:01 +1100
      Re: Yet another attempt at a safe eval() call Oscar Benjamin <oscar.j.benjamin@gmail.com> - 2013-01-05 16:17 +0000
        Re: Yet another attempt at a safe eval() call matt.newville@gmail.com - 2013-01-05 08:40 -0800
        Re: Yet another attempt at a safe eval() call matt.newville@gmail.com - 2013-01-05 08:40 -0800
    Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 16:38 +0000
      Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 03:51 +1100
        Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 17:14 +0000
          Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 04:21 +1100
            Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 18:09 +0000
              Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 05:23 +1100
                Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 18:43 +0000
                Re: Yet another attempt at a safe eval() call Chris Angelico <rosuav@gmail.com> - 2013-01-05 06:02 +1100
  Re: Yet another attempt at a safe eval() call Chris Rebert <clp2@rebertia.com> - 2013-01-03 23:50 -0800
  Re: Yet another attempt at a safe eval() call Terry Reedy <tjreedy@udel.edu> - 2013-01-04 07:24 -0500
    Re: Yet another attempt at a safe eval() call Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-01-04 13:33 +0000
      Re: Yet another attempt at a safe eval() call Grant Edwards <invalid@invalid.invalid> - 2013-01-04 15:59 +0000
      Re: Yet another attempt at a safe eval() call Alister <alister.ware@ntlworld.com> - 2013-01-04 18:13 +0000
