


Re: Yet another attempt at a safe eval() call

Date Sat, 5 Jan 2013 03:51:23 +1100
Subject Re: Yet another attempt at a safe eval() call
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python



On Sat, Jan 5, 2013 at 3:38 AM, Grant Edwards <invalid@invalid.invalid> wrote:
> I've added equals, backslash, commas, square/curly brackets, colons and semicolons to the
> prohibited character list. I also reduced the maximum length to 60
> characters.  It's unfortunate that parentheses are overloaded for both
> expression grouping and for function calling...

I have to say that an expression evaluator that can't handle parens
for grouping is badly flawed. Can you demand that open parenthesis be
preceded by an operator (or beginning of line)? For instance:

(1+2)*3+4 # Valid
1+2*(3+4) # Valid
1+2(3+4) # Invalid, this will attempt to call 2

You could explain it as a protection against mistaken use of algebraic
notation (in which the last two expressions have the same meaning and
evaluate to 15). Or, alternatively, you could simply insert the
asterisk yourself, though that could potentially be VERY confusing.

Without parentheses, your users will be forced to store intermediate
results in variables, which gets tiresome fast.

discriminant = b*b-4*a*c
denominator = 2*a
# Okay, this expression demands a square rooting, but let's pretend that's done.
sol1 = -b+discriminant
sol2 = -b-discriminant
sol1 = sol1/denominator
sol2 /= denominator # if they know about augmented assignment

You can probably recognize the formula I'm working with there, but
it's far less obvious and involves six separate statements rather than
two. And this is a fairly simple formula. It'll get a lot worse in
production.

ChrisA
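
The parenthesis rule suggested in the post above, as an added Python example that is not part of the original message: `paren_rule_ok` rejects any `(` that is not at the start or directly after an operator, and `contains_call` uses the `ast` module to confirm that no accepted sample parses as a call. The function names, the operator set and the sample list are assumptions made for this example.

```python
import ast

# Characters that may directly precede "(" when it is used for grouping.
# Assumed operator set for this example; the post only says "an operator".
# "**" and "//" are covered because they end in "*" and "/".
MAY_PRECEDE_PAREN = set("+-*/%(")


def paren_rule_ok(expr):
    """The rule from the post: "(" must start the line or follow an operator."""
    prev = None  # last non-whitespace character seen
    for ch in expr:
        if ch.isspace():
            continue
        if ch == "(" and prev is not None and prev not in MAY_PRECEDE_PAREN:
            return False
        prev = ch
    return True


def contains_call(expr):
    """Ground truth from the parser: does the expression contain a call?"""
    tree = ast.parse(expr, mode="eval")
    return any(isinstance(node, ast.Call) for node in ast.walk(tree))


# Constructed samples: the three expressions from the post plus variations.
SAMPLES = [
    "(1+2)*3+4",
    "1+2*(3+4)",
    "1+2(3+4)",
    "-(b)+(b*b-4*a*c)",
    "2 ** (1/2)",
    "abs (x)",
    "(abs)(x)",
]


def classify(samples=SAMPLES):
    """Return {expr: (rule_accepts, parser_sees_call)} for each sample."""
    return {s: (paren_rule_ok(s), contains_call(s)) for s in samples}


if __name__ == "__main__":
    for expr, (ok, call) in classify().items():
        print(f"{expr!r:22} rule_accepts={ok!s:5} has_call={call}")
```

The check covers call syntax only and is applied in addition to the prohibited-character list and length limit quoted above.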
