Re: use of exec()

Newsgroups comp.lang.python
Date 2012-10-18 07:07 -0700
References <2f12fa83-54cc-4fc2-85e4-b8aebebf4242@googlegroups.com> <mailman.2425.1350560975.27098.python-list@python.org>
Subject Re: use of exec()
From lars van gemerden <lars@rational-it.com>
Message-ID <mailman.2434.1350569254.27098.python-list@python.org> (permalink)


On Thursday, October 18, 2012 1:49:35 PM UTC+2, Chris Angelico wrote:
> On Thu, Oct 18, 2012 at 10:41 PM, lars van gemerden <lars@rational-it.com> wrote:
> > NameError: name 'function' is not defined
> >
> > which seems an odd error, but I think some global variable is necessary for this to work (if I put in globals() instead of {}, it works).
>
> The def statement simply adds a name to the current namespace. This
> should work (untested):
>
> class _functioncode(code):
>     def _creat_func_(self):
>         ns={}
>         exec("def function(%s):\n\t%s" % (", ".join(type(self).args),
>                                           "\n\t".join(self.split('\n'))),ns,ns)
>         return ns.function
>
> But it's going to be eternally plagued by security issues. You may
> want, instead, to look at literal_eval from the ast module; but that
> won't work if you need anything other than, as the name suggests,
> literals.
>
> ChrisA

Thanks, Chris,

That works like a charm (after replacing "return ns.function" with "return ns['function']" ;-) ).

About the security, I noticed you can still import and use modules within the exec'ed code. Is there a way to prevent this or otherwise make this approach more secure?

I should say that the users that will be able to make custom functions are not end-users but authenticated designers; however, I would like to close a backdoor to the whole framework.

Cheers, Lars 
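
An added example, not part of the original post or of either poster's code: one way to vet the body text before it reaches exec(), rejecting imports and underscore names at the AST level and running the result with an explicit, reduced `__builtins__`. The names `SAFE_BUILTINS`, `check_source`, `create_function` and `is_rejected` are hypothetical, and the allowlist contents are an assumption.

```python
import ast
import textwrap

# Assumed allowlist for illustration: the only builtins designer code may call.
SAFE_BUILTINS = {"abs": abs, "len": len, "max": max, "min": min, "range": range, "sum": sum}
# Node types rejected outright: imports and scope escapes.
BANNED_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal)


def check_source(tree):
    """Raise ValueError if the parsed code uses a construct outside the allowlist."""
    for node in ast.walk(tree):
        if isinstance(node, BANNED_NODES):
            raise ValueError("statement not allowed: " + type(node).__name__)
        # Underscore attributes/names (__class__, __import__, ...) reach interpreter internals.
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError("attribute not allowed: " + node.attr)
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise ValueError("name not allowed: " + node.id)


def create_function(args, body):
    """Build 'function' from designer-supplied body text, as in the thread, after vetting it."""
    for name in args:
        if not name.isidentifier():
            raise ValueError("bad argument name: %r" % name)
    source = "def function(%s):\n%s" % (", ".join(args), textwrap.indent(body, "    "))
    tree = ast.parse(source)
    # Exactly one top-level def: guards against text that ends up outside the function.
    if len(tree.body) != 1 or not isinstance(tree.body[0], ast.FunctionDef):
        raise ValueError("body must stay inside the function")
    check_source(tree)
    # An explicit __builtins__ entry stops exec() from injecting the full builtins
    # module, which is what happens with a bare {} and is why import still worked.
    ns = {"__builtins__": dict(SAFE_BUILTINS)}
    exec(compile(tree, "<designer code>", "exec"), ns, ns)
    return ns["function"]


def is_rejected(args, body):
    """Helper for the demo: True when create_function refuses the input."""
    try:
        create_function(args, body)
    except (ValueError, SyntaxError):
        return True
    return False
```

This narrows what the exec'ed code can reach, but CPython does not treat a restricted namespace as a security boundary; code from parties who are not trusted belongs in a separate process with operating-system level restrictions.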




Thread

use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 04:41 -0700
  Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-18 22:49 +1100
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700
      Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 01:29 +1100
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
          Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 02:16 +1100
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
              Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-20 13:00 +1100
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700