limited python virtual machine
Stephen Thorne
stephen.thorne at gmail.com
Sat Jan 29 10:11:32 EST 2005
On Sat, 29 Jan 2005 08:53:45 -0600, Skip Montanaro <skip at pobox.com> wrote:
>
> >> One thing my company has done is written a ``safe_eval()`` that uses
> >> a regex to disable double-underscore access.
>
> Alex> will the regex catch getattr(object,
> Alex> 'subclasses'.join(['_'*2]*2)...?-)
>
> Now he has two problems. ;-)
I nearly asked that question, then I realised that 'getattr' is quite
easy to remove from the global namespace for the code in question, and
assumed that they had already thought of that.
Stephen.
More information about the Python-list
mailing list