5 Sep 2020
05.09.20 03:24, Chris Angelico writes:
> But don't expect that to actually be secure. It mitigates SOME security threats.
> I think Python would do very well to have a "restricted evaluation" function. Looking at the source code for literal_eval, it doesn't seem too hard to add a check alongside the Constant handler to say "if it's Name, context Load, look up the name in the provided dict".
It is harder than you think. Try ast.literal_eval('+1'*1000000). It crashes before you start to walk the AST tree.
You need to implement at least your own AST parser in pure Python to make a safer eval. And there are other vectors of attack (for example via the string-to-integer converter).