[BangPypers] magic in datetime module?

Anand Balachandran Pillai abpillai at gmail.com
Fri Apr 3 09:36:25 CEST 2009

On Fri, Apr 3, 2009 at 12:53 PM, Anand Chitipothu <anandology at gmail.com>wrote:

> 2009/4/3 Noufal Ibrahim <noufal at gmail.com>:
> > There was a thread on python-dev recently about sandboxing code by
> > restricting the variables provided. A lot of people broke it (you can
> > check the archives for "break this code" or something similar).
> This one?
> http://mail.python.org/pipermail/python-dev/2009-February/086401.html
> > In any case, if you deny people the ability to use __import__, then
> > any functions that call import will fail. Whether that's a good
> > practice is questionable but that's the state of affairs.
> It does restrict people from using imports, but it doesn't restrict
> calling functions which use import.
> The problem with the mentioned code is that an implicit import is
> getting called in the current env. If that import is inside that
> function then it wouldn't be an issue.

Use this work-around.

# Save the name __import__
__import__ = __builtins__.__import__
__builtins = {}

import datetime
now = datetime.datetime.utcnow()
print now.strftime("%m %Y")

This works. Do this at the top of all modules which is dependent
on your code which breaks __builtin__.

> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> http://mail.python.org/mailman/listinfo/bangpypers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/bangpypers/attachments/20090403/99bdd610/attachment.htm>

More information about the BangPypers mailing list