[Patches] [ python-Patches-744104 ] Remove eval() from csv

SourceForge.net noreply@sourceforge.net
Wed, 11 Jun 2003 20:10:31 -0700


Patches item #744104, was opened at 2003-05-27 02:43
Message generated for change (Comment added) made by rhettinger
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=744104&group_id=5470

Category: Library (Lib)
Group: Python 2.3
>Status: Closed
Resolution: None
Priority: 6
Submitted By: Raymond Hettinger (rhettinger)
Assigned to: Andrew McNamara (andrewmcnamara)
Summary: Remove eval() from csv

Initial Comment:
The eval() step in the csv module can be eliminated, 
resulting in better security, more clarity, and a little 
speed.

The idea is to make successive attempts to coerce 
the string to a python type:
   int(s), long(s), float(s), etc.

This allows the logic to be controlled precisely and for 
specific types to be included or excluded (unicode 
types for instance).

The patch is attached and passes all regression 
tests.  It should also work fine under Py2.2.








----------------------------------------------------------------------

>Comment By: Raymond Hettinger (rhettinger)
Date: 2003-06-11 22:10

Message:
Logged In: YES 
user_id=80475

* Added guard for complex().
* Changed == to =
* Ran against Skip's new tests
* Committed as Lib/csv.py 1.5
* Closing patch

----------------------------------------------------------------------

Comment By: Skip Montanaro (montanaro)
Date: 2003-06-11 21:26

Message:
Logged In: YES 
user_id=44345

I think this is fine though there's a typo:

         # treat longs as ints
          if thisType == long:
              thisType == int

The last "==" should be "=".  That this didn't trigger a test
failure suggests we need another test case.

Also, since the interpreter can conceivably be built without
complex types, the use of the complex builtin should probably
be guarded.

S


----------------------------------------------------------------------

Comment By: Raymond Hettinger (rhettinger)
Date: 2003-06-09 11:42

Message:
Logged In: YES 
user_id=80475

Skip said it would be fine if you took care of this one.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=744104&group_id=5470