Turning String into Numerical Equation

Giovanni Bajo noway at sorry.com
Wed Mar 16 03:23:19 CET 2005


Steven Bethard wrote:

>>> I use something along these lines:
>>>
>>> def safe_eval(expr, symbols={}):
>>>     return eval(expr, dict(__builtins__=None, True=True,
>>> False=False), symbols)
>>>
>>> import math
>>> def calc(expr):
>>>     return safe_eval(expr, vars(math))
>>>
>> That offers only notional security:
>>
>>  >>> calc("acos.__class__.__bases__[0]")
>>  <type 'object'>
>
> Yeah, I was concerned about the same thing, but I realized that I
> can't actually access any of the func_globals attributes:


When __builtin__ is not the standard __builtin__, Python is in restricted
execution mode. In fact, I believe my solution to be totally safe, and I
otherwise would love to be proved wrong.
-- 
Giovanni Bajo





More information about the Python-list mailing list