New to Python: Features

Andrew Dalke adalke at mindspring.com
Tue Oct 5 03:00:12 EDT 2004


Richard Blackwood wrote:
> Why are you so fervently against eval, exec?  What sort of security 
> holes?  Don't tell me, I'll look it up.

Here's a sketch

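class Spam:
    def __init__(self, **kwargs):
        # copy the keyword arguments onto the instance as attributes
        self.__dict__.update(kwargs)

x = Spam(a=3, b=4, c=5)

s = raw_input("Which variable? ")
# the user's text is evaluated as part of a Python expression
eval("x." + s)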

Now the user enters "a and __import__('os').system('rm -rf $HOME')"

> It tells me I passed in two arguments when I only passed in one.

That's because you didn't list 'self' in the parameter list.
You misinterpreted the respondent's answer to your question.

>> Do you want it because it's cool or because it's useful?
>>
> Cool = useful

Cool often means unmaintainable, inappropriate, overly
complex.  Rube Goldberg's works are cool, but not useful.

> Yes it does.  Other languages have them as functions (just funny looking 
> ones like in this case).  Take Lua for example.  "require" is a method 
> but it imports the same way "import" does in Python (syntactically).

Python expressions != statements.  Deliberate design choice.

>>>> It is not hidden, in fact, you get to name it...
>>>>
>>>> class foo:
>>>>     def goo(I_AM_SELF, arg):
>>>>         pass
>>>>
>>> Cool!
>>
>> DO NOT DO THAT EVER!
>>
>> Seriously not cool.
>>
> 
> Would you like to explain why not?  Josiah didn't seem to have any 
> qualms with it.

Makes for a maintainable mess.  You asked "can I" not "should I".

>> NO!  Don't do that.  Bad code.  Subtle errors.
>>
>> Try Perl or Ruby instead.
>>
> Now you're encouraging me not to use Python?

I'm encouraging you to use code that meets your needs.  You
seem to want a language that focuses on your personal needs
(tail recursion, access to gc, changing the name of self,
eval/exec vs. introspection, etc) and not those that encourage
group development (security, consistent naming scheme,
similarity in constructs).  Other languages do a better
job at empowering a solo programmer.

>> It quite depends on your expectations of what design by
>> contract, protocols, etc. means.  Do some research.  Hint:
>> Google for 'python "design by contract"' and related topics.
>>
> Cameron provided me a link, most excellent.

And you'll see Google returns many more, all with different
views.  And your question was more expansive than just Design
by Contract, so Cameron didn't answer it fully.

>> Yes.  But you'll never use them.  The problem you'll want
>> to solve is "how do I call Python code from a ... library"
>> or "how do I package Python as an executable" and not
>> "how do I convert Python code into C".
>>
>> You are asking the wrong question.  You are asking about
>> technique, not goal.
>>
> No, no, I want the C speed.

Then say so.  There are Python to C converters which at best
give about a 5% speed boost, so the answer to your original
question would be "yes" but also not be the answer to your
real question.

>> You asked for "embedding variables" not embedding expressions.
>> You got what you asked for, not what you wanted.  That's part
>> of being able to ask the right question.  Remember that essay
>> people suggested you read?
>>
> I gave a goddamn code example, grief.  How much more explicit do I need be?

You gave a code example that could be interpreted in several
different ways.  The easiest way to answer was to resolve using
the text of your question.

You can get what you want by defining your own dictionary-like
object which interacts with string interpolation.  But I've
a phone conf. now and can't give details.


				Andrew
				dalke at dalkescientific.com
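
Added example, not part of the original post: the eval lookup from the sketch above next to a lookup that treats the user's text as data only. It is written for Python 3; lookup_eval, lookup_safe, demo and the harmless stand-in input (it only returns the working directory) are constructed for illustration.

```python
import os


class Spam:
    def __init__(self, **kwargs):
        self.__dict__.update(kwargs)


def lookup_eval(obj, name):
    # Pattern from the post: the user's text becomes part of an expression.
    # Passing a custom globals dict does not help, because Python adds
    # __builtins__ (and with it __import__) to that dict automatically.
    return eval("x." + name, {"x": obj})


def lookup_safe(obj, name):
    # The user's text is only ever used as a dictionary key, never as code.
    if not name.isidentifier() or name.startswith("_"):
        raise ValueError("not a permitted variable name: %r" % name)
    attrs = vars(obj)  # instance attributes only, no methods or class data
    if name not in attrs:
        raise ValueError("no such variable: %r" % name)
    return attrs[name]


# Constructed inputs. INJECTED has the same shape as the input in the post,
# with a side-effect-free call standing in for the command.
BENIGN = "a"
INJECTED = "a and __import__('os').getcwd()"


def demo():
    x = Spam(a=3, b=4, c=5)
    results = {
        "eval_benign": lookup_eval(x, BENIGN),
        "eval_injected": lookup_eval(x, INJECTED),  # runs the extra call
        "safe_benign": lookup_safe(x, BENIGN),
    }
    try:
        lookup_safe(x, INJECTED)
        results["safe_injected"] = "accepted"
    except ValueError:
        results["safe_injected"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
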


