[BangPypers] magic in datetime module?
Anand Balachandran Pillai
abpillai at gmail.com
Fri Apr 3 09:36:25 CEST 2009
On Fri, Apr 3, 2009 at 12:53 PM, Anand Chitipothu <anandology at gmail.com>wrote:
> 2009/4/3 Noufal Ibrahim <noufal at gmail.com>:
> > There was a thread on python-dev recently about sandboxing code by
> > restricting the variables provided. A lot of people broke it (you can
> > check the archives for "break this code" or something similar).
>
> This one?
>
> http://mail.python.org/pipermail/python-dev/2009-February/086401.html
>
> > In any case, if you deny people the ability to use __import__, then
> > any functions that call import will fail. Whether that's a good
> > practice is questionable but that's the state of affairs.
>
> It does restrict people from using imports, but it doesn't restrict
> calling functions which use import.
>
> The problem with the mentioned code is that an implicit import is
> getting called in the current env. If that import is inside that
> function then it wouldn't be an issue.
Use this work-around.
# Save the name __import__
__import__ = __builtins__.__import__
__builtins = {}
import datetime
now = datetime.datetime.utcnow()
print now.strftime("%m %Y")
This works. Do this at the top of all modules which is dependent
on your code which breaks __builtin__.
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> http://mail.python.org/mailman/listinfo/bangpypers
>
--
-Anand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/bangpypers/attachments/20090403/99bdd610/attachment.htm>
More information about the BangPypers
mailing list