07.11.17 16:41, Steven D'Aprano wrote:
> On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote:
>> 07.11.17 12:29, אלעזר wrote:
>>> Also, it is unfortunate that `ast.literal_eval` is less accessible than
>>> `builtins.eval`. Giving it an alias in builtins might make it easier for
>>> programmers (and less scary - "ast" might sound like I need a PhD to use
>>> it).
>>
>> ast.literal_eval is not as safe as you think. Malicious input can cause
>> a stack overflow in your program. [1]
>>
>> [1] https://bugs.python.org/issue31113
>
> I don't see anything about literal_eval in that bug report.
Sorry, this particular issue isn't related to literal_eval. There was
another recently fixed issue, but I forgot its number.

But the point is that the compiler is recursive, and processing nested
constructs consumes the C stack. There are some guards against too deep
recursion (2.7 has fewer guards and is more vulnerable), but it is hard to
prove that all vulnerabilities are fixed.

Your method (limiting the size of the input) helps against some attacks.
Other methods -- restricting the set of characters and the number of
parentheses, braces and brackets.
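As an added example (not code from this thread or from CPython itself), here is a wrapper that applies the three mitigations just listed before `ast.literal_eval` ever hands the text to the recursive compiler: a cap on input size, a restriction on the character set, and a cap on the number and nesting depth of parentheses, braces and brackets. The function names, the limits (`MAX_LENGTH`, `MAX_DEPTH`, `MAX_OPENERS`) and the "printable ASCII only" character policy are assumptions chosen for illustration; tune them to the data you actually expect.

```python
"""Guarded ast.literal_eval: reject risky input before the compiler runs.

Added example; limits and the character policy are assumptions, not
recommendations from the mailing-list thread.
"""
import ast
import string

MAX_LENGTH = 10_000      # cap on input size (the "limit the size" method)
MAX_DEPTH = 20           # cap on bracket nesting depth
MAX_OPENERS = 500        # cap on the total number of opening brackets
# Character restriction: printable ASCII plus ordinary whitespace only.
ALLOWED_CHARS = frozenset(string.printable)
OPENERS = frozenset("([{")
CLOSERS = frozenset(")]}")


class UnsafeLiteral(ValueError):
    """Input rejected by a pre-parse check, before ast.literal_eval runs."""


def bracket_stats(text):
    """Return (max_depth, opener_count) for text.

    Brackets inside string literals are counted too. That over-counts on
    purpose: the scan stays a simple character loop, and nesting hidden in
    a string body can only cause a false rejection, never a missed one.
    """
    depth = max_depth = openers = 0
    for ch in text:
        if ch in OPENERS:
            depth += 1
            openers += 1
            max_depth = max(max_depth, depth)
        elif ch in CLOSERS and depth > 0:
            depth -= 1
    return max_depth, openers


def check_literal_source(text):
    """Raise UnsafeLiteral if text exceeds any of the pre-parse limits."""
    if len(text) > MAX_LENGTH:
        raise UnsafeLiteral("input too long: %d > %d" % (len(text), MAX_LENGTH))
    bad = set(text) - ALLOWED_CHARS
    if bad:
        raise UnsafeLiteral("disallowed characters: %r" % sorted(bad))
    depth, openers = bracket_stats(text)
    if depth > MAX_DEPTH:
        raise UnsafeLiteral("nesting too deep: %d > %d" % (depth, MAX_DEPTH))
    if openers > MAX_OPENERS:
        raise UnsafeLiteral("too many brackets: %d > %d" % (openers, MAX_OPENERS))


def is_rejected(text):
    """True if text fails the pre-parse checks (useful for tests and logging)."""
    try:
        check_literal_source(text)
    except UnsafeLiteral:
        return True
    return False


def safe_literal_eval(text):
    """ast.literal_eval guarded by the checks above."""
    check_literal_source(text)
    return ast.literal_eval(text)


if __name__ == "__main__":
    # Constructed sample inputs for this example.
    print(safe_literal_eval('{"user": "alice", "roles": ["admin", "dev"], "n": (1, 2.5)}'))
    for hostile in ("[" * 40 + "]" * 40,   # deeply nested
                    "[]" * 600,            # many brackets, shallow
                    "'caf\u00e9'",         # non-ASCII character
                    "0" * 20_000):         # oversized input
        try:
            safe_literal_eval(hostile)
        except UnsafeLiteral as exc:
            print("rejected:", exc)
```

The checks run in O(n) over the raw text and never touch the parser, so an input that would have pushed the compiler down a deep recursion is refused at the boundary. Because brackets inside strings are counted, legitimate data with long runs of `[` inside a string can be rejected; if that matters, tokenize with the `tokenize` module first and count only bracket tokens.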
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/