Giovanni Bajo wrote:
Then, I should start my usual rant about how it is really sad to send patches to
Python and have them ignored for years (not even an acknowledgement). Really sad.
This is why I'm not going to do that again.
I don't know the last time you read python-dev, but a number of the
senior Py
Steven Bethard wrote:
>> In fact, the documentation for eval() could be improved to explain
>> the benefits of setting __builtins__ in the globals.
>
> Well, if you think you're pretty clear on what's happening, a patch is
> always appreciated. =) I have a feeling that the docs are at least
> par
Giovanni Bajo wrote:
Michael Spencer wrote:
In fact, I believe my solution to be totally safe,
That's a bold claim! I'll readily concede that I can't access
func_globals from restricted mode eval (others may know better). But
your interpreter is still vulnerable to DOS-style attack from
rogue
Giovanni Bajo wrote:
In fact, the documentation for eval() could be improved to explain the benefits
of setting __builtins__ in the globals.
Well, if you think you're pretty clear on what's happening, a patch is
always appreciated. =) I have a feeling that the docs are at least
partially vague b
Michael Spencer wrote:
>> In fact, I believe my solution to be totally safe,
>
> That's a bold claim! I'll readily concede that I can't access
> func_globals from restricted mode eval (others may know better). But
> your interpreter is still vulnerable to DOS-style attack from
> rogue calcula
Steven Bethard wrote:
>> When __builtin__ is not the standard __builtin__, Python is in
>> restricted execution mode.
>
> Do you know where this is documented? I looked around, but couldn't
> find anything.
I found some documentation in the reference of the (now disabled) modules for
Restricted
Giovanni Bajo wrote:
When __builtin__ is not the standard __builtin__, Python is in restricted
execution mode.
Do you know where this is documented? I looked around, but couldn't
find anything.
STeVe
--
http://mail.python.org/mailman/listinfo/python-list
Giovanni Bajo wrote:
Steven Bethard wrote:
I use something along these lines:
def safe_eval(expr, symbols={}):
    return eval(expr, dict(__builtins__=None, True=True,
                           False=False), symbols)

import math
def calc(expr):
    return safe_eval(expr, vars(math))
That offers only notional security:
>>> ca
Steven Bethard wrote:
>>> I use something along these lines:
>>>
>>> def safe_eval(expr, symbols={}):
>>>     return eval(expr, dict(__builtins__=None, True=True,
>>>                            False=False), symbols)
>>>
>>> import math
>>> def calc(expr):
>>>     return safe_eval(expr, vars(math))
>>>
>> That offers only n
Steven Bethard wrote:
Yeah, I was concerned about the same thing, but I realized that I can't
actually access any of the func_globals attributes:
py> eval('(1).__class__.mro()[-1].__subclasses__()[17]'
... '.substitute.func_globals', dict(__builtins__=None))
Traceback (most recent call last)
Michael Spencer wrote:
Giovanni Bajo wrote:
I use something along these lines:
def safe_eval(expr, symbols={}):
    return eval(expr, dict(__builtins__=None, True=True, False=False),
                symbols)

import math
def calc(expr):
    return safe_eval(expr, vars(math))
That offers only notional security:
>
Giovanni Bajo wrote:
Michael Spencer wrote:
* this means that, eval("sys.exit()") will likely stop your
interpreter, and
there are various other inputs with possibly harmful consequences.
Concerns like these may send you back to your original idea of doing
your own expression parsing.
I use somet
Michael Spencer wrote:
> * this means that, eval("sys.exit()") will likely stop your
> interpreter, and
> there are various other inputs with possibly harmful consequences.
>
> Concerns like these may send you back to your original idea of doing
> your own expression parsing.
I use something alon
Wow, thanks so much guys!
"Michael Spencer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Brian Kazian wrote:
>> Thanks for the help, I didn't even think of that.
>>
>> I'm guessing there's no easy way to handle exponents or logarithmic
>> functions? I will be running into thes
Almost this exact parser, called fourFn.py, is included in the examples
with pyparsing (at http://pyparsing.sourceforge.net). Since it is pure
Python, you can extend the grammar with whatever builtin functions you
like. But it *is* a parser, not just a short cut.
-- Paul
Brian Kazian wrote:
Thanks for the help, I didn't even think of that.
I'm guessing there's no easy way to handle exponents or logarithmic
functions? I will be running into these two types as well.
"Artie Gold" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
eval will handle exponent
Artie Gold wrote:
[BTW -- cultural question: Do we top-post here?]
Please don't.
--
Robert Kern
[EMAIL PROTECTED]
"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
Brian Kazian wrote:
Thanks for the help, I didn't even think of that.
I'm guessing there's no easy way to handle exponents or logarithmic
functions? I will be running into these two types as well.
Well, consider:
import math
eval("log(pow(x,2)*pow(y,3),2)",{'pow':math.pow,'log':math.log},{'x':1,'
Thanks for the help, I didn't even think of that.
I'm guessing there's no easy way to handle exponents or logarithmic
functions? I will be running into these two types as well.
"Artie Gold" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Brian Kazian wrote:
>> Here's my problem, a
Brian Kazian wrote:
Here's my problem, and hopefully someone can help me figure out if there is
a good way to do this.
I am writing a program that allows the user to enter an equation in a text
field using pre-existing variables. They then enter numerical values for
these variables, or can tel