replacement of rexec?
Huaiyu Zhu
huaiyu at gauss.almaden.ibm.com
Wed Oct 22 21:12:30 EDT 2003
What is the preferred way to eval a string like "('a', 1)"? These strings
are representations of simple objects of type int, str, or dict, tuple or
list made of them. I do not want to use naked eval in case I run the
script on a wrong file that happens to contain Python code.
Previously I used the following:

    from rexec import RExec
    r_eval = RExec().r_eval

After upgrading to 2.3 it no longer works:

    File "/usr/local/lib/python2.3/rexec.py", line 184, in __init__
    raise RuntimeError, "This code is not secure in Python 2.2 and 2.3"
    RuntimeError: This code is not secure in Python 2.2 and 2.3

I understand that rexec is not secure against malicious attacks. However,
it is safer than eval for preventing accidents. What should I use in
place? The ideal thing I'm looking for is a function that can parse only
"non-active" python objects and raise exception on anything else.
Huaiyu
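
A parser of the kind the post asks for, as an added example that is not part of the original message: it is written for current Python 3 (3.8 or later), not the 2.3 release in the post, and walks the syntax tree from the standard ast module without ever executing the input. The names parse_inert and _convert and the max_len limit are hypothetical choices made here.

```python
import ast

_ALLOWED_SCALARS = (int, str)   # exact types only, so bool and float are rejected


def parse_inert(text, max_len=10_000):
    """Parse text built only from int, str, dict, tuple and list literals.

    Raises ValueError on anything else. The input is parsed, never evaluated.
    """
    if len(text) > max_len:
        raise ValueError("input too long")
    try:
        # strip() avoids an IndentationError on leading whitespace
        tree = ast.parse(text.strip(), mode="eval")
        return _convert(tree.body)
    except (SyntaxError, TypeError, RecursionError, MemoryError) as exc:
        # TypeError covers unhashable dict keys such as {[1]: 2}
        raise ValueError(f"not an inert literal: {exc}") from None


def _convert(node):
    if isinstance(node, ast.Constant) and type(node.value) in _ALLOWED_SCALARS:
        return node.value
    # Negative integers parse as unary minus applied to a constant.
    if (isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub)
            and isinstance(node.operand, ast.Constant)
            and type(node.operand.value) is int):
        return -node.operand.value
    if isinstance(node, ast.Tuple):
        return tuple(_convert(e) for e in node.elts)
    if isinstance(node, ast.List):
        return [_convert(e) for e in node.elts]
    if isinstance(node, ast.Dict):
        if any(k is None for k in node.keys):   # {**other} unpacking
            raise ValueError("dict unpacking is not allowed")
        return {_convert(k): _convert(v)
                for k, v in zip(node.keys, node.values)}
    # Names, calls, attribute access, comprehensions, f-strings, etc.
    raise ValueError(f"disallowed element: {type(node).__name__}")
```

The standard library's ast.literal_eval does the same job with a wider set of accepted types (floats, bytes, sets, None, booleans); the walker above narrows that to the types named in the post.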