Safe eval?
Alex Martelli
aleax at aleax.it
Wed Apr 17 08:20:58 EDT 2002
gbreed at cix.compulink.co.uk wrote:
> Chris Liechti wrote:
>
>> you can disable the builtin functions you want and populate the
>> namespace with save functions and classes (see Bastion for that)
>
> I've never worked out how to do the second bit. Bastion you say? The
> documentation for that's all about restricting access to classes. How do
> I get such a class into the namespace for an reval? Every time this comes
> up, somebody says "use reval" but nothing about how you supply locals to
Nice overview at:
http://py-howto.sourceforge.net/txt/rexec.txt
The key point you ask about:
"""
module = r_env.add_module(module_name)
mod_dict = module.__dict__ Despite its name, the add_module() method
actually only adds the
module if it doesn't already exist; it returns the corresponding
module object, whether or not the module had to be created.
Most commonly, you'll insert variable bindings into the __main__ or
__builtins__ module, so these will be the most frequent values of
module_name.
Once you have the module's dictionary, you need only insert a
key/value pair for the desired variable name and value. For example,
to add a username variable:
mod_dict['username'] = "Kate Bush" Restricted code will then have access
to this variable.
"""
Alex
More information about the Python-list
mailing list