[issue15452] Eliminate the use of eval() in the logging config implementation
report at bugs.python.org
Thu Jul 26 16:29:44 CEST 2012
Vinay Sajip <vinay_sajip at yahoo.co.uk> added the comment:
Initial evaluation indicates that ast.literal_eval doesn't cut the mustard: it doesn't do any name lookups, so you can't for example successfully evaluate something like 'handlers.WatchedFileHandler' or even 'FileHandler'.
However, a limited evaluator which goes further than ast.literal_eval will probably work. One such is shown in this Gist:
It supports a reasonable subset of Python expressions and also could be useful in other contexts than logging configuration.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list