Is this a safe use of eval?

2011-02-24 Thread Frank Millman
Hi all I know that the use of 'eval' is discouraged because of the dangers of executing untrusted code. Here is a variation that seems safe to me, but I could be missing something. I have a class, and the class has one or more methods which accept various arguments and return a result. I

Re: Is this a safe use of eval?

2011-02-24 Thread Paul Rubin
Frank Millman fr...@chagford.com writes: I then receive my_string = 'calc_area(100, 200)'. result = eval('my_inst.{0}'.format(my_string)) This will only work if the string contains a valid method name with valid arguments. Can anyone see anything wrong with this? Um, yes. What are valid

Re: Is this a safe use of eval?

2011-02-24 Thread Peter Otten
Frank Millman wrote: Hi all I know that the use of 'eval' is discouraged because of the dangers of executing untrusted code. Here is a variation that seems safe to me, but I could be missing something. I have a class, and the class has one or more methods which accept various

Re: Is this a safe use of eval?

2011-02-24 Thread Frank Millman
Thanks, Paul and Peter. It seemed like a good idea at the time. Thank you for straightening me out. Frank -- http://mail.python.org/mailman/listinfo/python-list

Re: Is this a safe use of eval?

2011-02-24 Thread Ryan Kelly
On Thu, 2011-02-24 at 10:48 +0200, Frank Millman wrote: Hi all I know that the use of 'eval' is discouraged because of the dangers of executing untrusted code. Here is a variation that seems safe to me, but I could be missing something. I have a class, and the class has one or more

Re: Is this a safe use of eval?

2011-02-24 Thread Ryan Kelly
On Thu, 2011-02-24 at 20:13 +1100, Ryan Kelly wrote: On Thu, 2011-02-24 at 10:48 +0200, Frank Millman wrote: Hi all I know that the use of 'eval' is discouraged because of the dangers of executing untrusted code. Here is a variation that seems safe to me, but I could be missing

Re: Is this a safe use of eval?

2011-02-24 Thread Christian Heimes
Am 24.02.2011 10:01, schrieb Peter Otten: How do you prevent that a malicious source sends you my_string = 'calc_area(__import__("os").system("rm important_file") or 100, 200)' instead? By using something like http://code.activestate.com/recipes/496746-restricted-safe-eval/ . With a

Re: Is this a safe use of eval?

2011-02-24 Thread Frank Millman
Christian Heimes li...@cheimes.de wrote Am 24.02.2011 10:01, schrieb Peter Otten: How do you prevent that a malicious source sends you my_string = 'calc_area(__import__("os").system("rm important_file") or 100, 200)' instead? By using something like

Re: Is this a safe use of eval?

2011-02-24 Thread Nobody
On Thu, 24 Feb 2011 15:24:51 +0200, Frank Millman wrote: Thanks, Christian. I had a look at that recipe, but I must say that Paul's suggestion is much simpler - from ast import literal_eval method_name = 'calc_area' args = literal_eval('(100,200)') result = getattr(my_inst,
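The pattern the thread is arguing about, as an added example that is not part of any post above: the original eval-based dispatcher next to the ast.literal_eval/getattr version Paul and Nobody suggest, run against both a benign call string and an injected one. The class `Shape`, the functions `dispatch_unsafe`, `dispatch_safe`, `parse_call` and `run_demo`, the allowlist `ALLOWED_METHODS` and the sentinel list `HIT` are all assumptions made for this example; the injected payload is a constructed, harmless stand-in for the `rm important_file` in Peter's message.

```python
import ast


class Shape(object):
    """Stand-in for the class in the thread (assumed for this example)."""

    def calc_area(self, width, height):
        return width * height


# Sentinel that an injected payload can append to; proves eval ran attacker code.
HIT = []

BENIGN = 'calc_area(100, 200)'
# Constructed payload in the shape of Peter Otten's example, but harmless:
# the expression evaluates to 100 after running a side effect of our choosing.
INJECTION = 'calc_area(HIT.append("executed") or 100, 200)'

# Methods the caller may invoke by name. Anything else is refused, so a
# valid-looking string cannot reach e.g. __init__ or a private helper.
ALLOWED_METHODS = frozenset(['calc_area'])


def dispatch_unsafe(inst, call_string):
    """The original idea: eval() of attacker-controlled text.

    eval() uses this function's globals and locals, so the payload can
    reach `inst`, module-level names such as HIT, and builtins like
    __import__.
    """
    return eval('inst.{0}'.format(call_string))


def parse_call(call_string):
    """Parse 'name(arg, ...)' into (name, args) without executing anything.

    ast.parse only builds a tree; ast.literal_eval then accepts each
    argument only if it is a literal (numbers, strings, tuples, lists,
    dicts, booleans, None) and raises ValueError for calls, attribute
    access, names, or operators.
    """
    node = ast.parse(call_string, mode='eval').body
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Name):
        raise ValueError('expected a simple call of the form name(args)')
    if node.keywords:
        raise ValueError('keyword arguments are not accepted')
    args = [ast.literal_eval(arg) for arg in node.args]
    return node.func.id, args


def dispatch_safe(inst, call_string):
    """Allowlisted method name + literal-only arguments, no eval()."""
    name, args = parse_call(call_string)
    if name not in ALLOWED_METHODS:
        raise ValueError('method not allowed: {0!r}'.format(name))
    return getattr(inst, name)(*args)


def run_demo():
    """Exercise both dispatchers and report what happened."""
    inst = Shape()
    out = {}
    out['unsafe_benign'] = dispatch_unsafe(inst, BENIGN)
    del HIT[:]
    out['unsafe_injected'] = dispatch_unsafe(inst, INJECTION)   # returns 20000...
    out['side_effect_ran'] = HIT == ['executed']                 # ...and ran our code
    out['safe_benign'] = dispatch_safe(inst, BENIGN)
    try:
        dispatch_safe(inst, INJECTION)
        out['safe_injected'] = 'executed'
    except ValueError:
        out['safe_injected'] = 'rejected'
    return out


if __name__ == '__main__':
    for key, value in sorted(run_demo().items()):
        print('{0}: {1}'.format(key, value))
```

The unsafe path returns the right area for the injected string, which is exactly why the "it only works with a valid method name and valid arguments" reasoning fails: the payload is a valid argument expression, it just also does something else. Two caveats on the safe path: it still hands argument validation to the method itself (a wrong arity raises TypeError from `calc_area`, not from the dispatcher), and `ast.literal_eval` guards against code execution, not against resource exhaustion from absurdly large or deeply nested input, so cap the length of `call_string` before parsing it if the source is untrusted.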