Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <lars@rational-it.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.001
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'framework.': 0.07; 'ast': 0.09; 'nameerror:': 0.09; 'subject:()': 0.09; 'to:addr:comp.lang.python': 0.09; '{},': 0.09; 'cc:addr:python- list': 0.10; 'def': 0.10; ';-)': 0.11; 'chris,': 0.16; 'literals.': 0.16; 'namespace.': 0.16; 'oct': 0.16; 'wrote:': 0.17; 'odd': 0.17; 'thu,': 0.17; 'thanks,': 0.18; 'code.': 0.20; 'variable': 0.20; 'skip:" 30': 0.20; 'import': 0.21; 'defined': 0.22; 'skip:_ 20': 0.22; 'cheers,': 0.23; 'cc:2**0': 0.23; 'statement': 0.23; 'seems': 0.23; 'cc:no real name:2**0': 0.24; 'cc:addr:python.org': 0.25; 'header:In-Reply-To:1': 0.25; 'header :User-Agent:1': 0.26; 'skip:" 20': 0.26; 'prevent': 0.27; 'chris': 0.28; 'noticed': 0.28; 'issues.': 0.29; 'skip:_ 10': 0.29; 'van': 0.29; 'class': 0.29; 'thursday,': 0.30; 'instead,': 0.33; 'received:google.com': 0.34; 'adds': 0.35; 'pm,': 0.35; "won't": 0.35; 'received:209.85': 0.35; 'there': 0.35; 'but': 0.36; 'modules': 0.36; 'anything': 0.36; 'should': 0.36; 'october': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'instead': 0.39; 'think': 0.40; 'close': 0.63; 'skip:n 10': 0.63; 'more': 0.63; 'within': 0.64; 'secure.': 0.65; 'want,': 0.65; 'backdoor': 0.84
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=path:newsgroups:date:in-reply-to:complaints-to:injection-info :nntp-posting-host:references:user-agent:x-google-web-client :x-google-ip:mime-version:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=/WS1GGcEvMhjyrYL1nBHi/dazqcoNJpMtgOT5VSDndA=; b=SYUkngQddHG+e6ZgxFFM8sL5SkA9SnsTgiv5CNKAbIN4J/knKlIdaCGNEMhEmxprha pz2p5HJ6tcearZj83/rJPGx30TJCjux4wStZdLgfYP85xvLuDoo49oZcdKY4PKUkkMQI UupeNnUUTWIytnBvjllYtF7YA/vyuEL1kOTMsDjRl7UzQiiavHosRGiHjdSlnfpVTSpf /Dx3ggt8vbe8ME2ffuwXJmSemQqWjZza6Ieo9CaQ/XZplMDYUR6FFuBvdclNYOqP79ZW Gda8LLa66XGcD1r9H3wHrHkBaTpP0hq9bzXXIRKYPml07r+FonQC9PDbBUnxpOiIQEDR Kvbg==
Newsgroups: comp.lang.python
Date: Thu, 18 Oct 2012 07:07:30 -0700 (PDT)
In-Reply-To: <mailman.2425.1350560975.27098.python-list@python.org>
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=94.209.206.24; posting-account=gpkyRAoAAABlPh1mY6Zt264UpMjIbxAz
References: <2f12fa83-54cc-4fc2-85e4-b8aebebf4242@googlegroups.com> <mailman.2425.1350560975.27098.python-list@python.org>
User-Agent: G2/1.0
X-Google-Web-Client: true
X-Google-IP: 94.209.206.24
MIME-Version: 1.0
Subject: Re: use of exec()
From: lars van gemerden <lars@rational-it.com>
To: comp.lang.python@googlegroups.com
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQnZrvCPjBV7yutd7e78ykJdC/yHALGXkVffjS+zmMx4Zm0hmc3vTa9vc6JTfVZNIL/2fdm2
Cc: python-list@python.org
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Message-ID: <mailman.2434.1350569254.27098.python-list@python.org>
Lines: 57
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1350569254 news.xs4all.nl 6882 [2001:888:2000:d::a6]:50175
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:31641

On Thursday, October 18, 2012 1:49:35 PM UTC+2, Chris Angelico wrote:
> On Thu, Oct 18, 2012 at 10:41 PM, lars van gemerden
> 
> <lars@rational-it.com> wrote:
> 
> > NameError: name 'function' is not defined
> 
> >
> 
> > which seems an odd error, but i think some global variable is necessary for this to work (if i put in globals() instead of {}, it works).
> 
> 
> 
> The def statement simply adds a name to the current namespace. This
> 
> should work (untested):
> 
> 
> 
> class _functioncode(code):
> 
>     def _creat_func_(self):
> 
>         ns={}
> 
>         exec("def function(%s):\n\t%s" % (", ".join(type(self).args),
> 
>                                           "\n\t".join(self.split('\n'))),ns,ns)
> 
>         return ns.function
> 
> 
> 
> But it's going to be eternally plagued by security issues. You may
> 
> want, instead, to look at literal_eval from the ast module; but that
> 
> won't work if you need anything other than, as the name suggests,
> 
> literals.
> 
> 
> 
> ChrisA

Thanks, Chris,

That works like a charm (after replacig "return ns.function" with "return ns['function']" ;-) ).

About the security, i noticed you can still import and use modules within the exec'ed code. Is there a way to prevent this or otherwise make this approach more secure.

I should say that the users that will be able to make custom functions, are not end-users, but authenticated designers, however i would like to close a backdoor to the whole framework.

Cheers, Lars