On Oct 8, 8:34 pm, "Warren DeLano" <[EMAIL PROTECTED]> wrote:
> I would like to parse arbitrary insecure text string containing nested > Python data structures in eval-compatible form: > > # For example, given a "config.txt" such as: > > { > 'my_atom' : 1.20, > 'my_dict' : { 2:50 , 'hi':'mom'}, > 'my_list' : [ (1,2,3), [4.5,6.9], 'foo', 0 ] > > } > > # I would like to do something like this: > > empty_space = {'__builtins__' : {}} > > try: > config = eval(open("config.txt").read(), empty_space, empty_space) > except: > config = {} > > print config > > # But I know for certain that the above approach is NOT secure since > object attributes can still be accessed... > > So is there an equally convenient yet secure alternative available for > parsing strings containing Python data structure definitions? > > Thanks in advance for any pointers! This topic comes up every other month or so in this list, so if you had taken a minute to search for "python safe eval" or a variation thereof in your favorite search engine, you'd get more than enough pointers. George -- http://mail.python.org/mailman/listinfo/python-list