Read any function in runtime

Jack Norton jack at 0x6a.com
Mon Oct 26 20:45:26 CET 2009


Matt McCredie wrote:
> Rhodri James <rhodri <at> wildebst.demon.co.uk> writes:
>
>   
>> On Fri, 23 Oct 2009 17:39:40 +0100, Matt McCredie <mccredie <at> gmail.com>  
>> wrote:
>>
>>     
>>> joao abrantes <senhor.abrantes <at> gmail.com> writes:
>>>
>>>       
>>>> Hey. I want to make a program like this: print "Complete the function
>>>> f(x)=" then the user would enter x+2 or 1/x or any other function that
>>>> only uses the variable x. Then my python program would calculate f(x) in
>>>> some points for example in f(2),f(4).. etc. How can I do this?
>>>
>>> check out 'eval' or 'exec'.
>>>       
>> Then check out all the reasons you shouldn't use them in an
>> environment that you don't trust absolutely -- if someone wipes
>> your hard disc, you won't get any sympathy from here.
>>
>> The safe answer is to write yourself a small parser.  Given that
>> you've got a very limited symbol set, that shouldn't be too hard.
>>
>>     
>
> This should only be a concern if it is some sort of client/server app (like a
> web-app). If this is something that is going to be run on a local machine then
> the person running it could do just as much damage via the command line.
>
> While I agree that there is a danger if the input might come from untrusted
> users, and the original poster should be aware of that, writing your own parser
> only makes sense in those instances. If this application is run locally then
> users have access to the machine anyway.
>
> I don't want to give a (potentially) new user to python the impression that they
> need to be writing their own parser to solve this problem. It depends on where
> the input is coming from. 
>
> Two things to note: 
> 1. eval and exec are perfectly safe if the input is from a trusted source.
> 2. eval and exec are never safe if the input is not from a trusted source.
>
> Matt McCredie
>
>
>   
I'd like to add that there are several lisp apps out there that give you 
a REPL (for example stumpwm).  A REPL could be seen as a sophisticated 
`eval' loop. 
Case in point, it is common in the lisp world.  You could, in theory, 
hose your system from inside emacs (and you may not even know 
it...hahaha). 

-Jack
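
The "small parser" suggested earlier in the thread, as an added example that is not part of any message here: it lets Python's `ast` module parse the input and then accepts only numbers, the name `x` and basic arithmetic, so nothing the user types is ever passed to `eval` or `exec`. The names `compile_fx`, `rejects` and `MAX_LEN` are assumptions made for this sketch, and it assumes Python 3.8 or later.

```python
import ast
import operator

# Only these operators are accepted; every other syntax node is refused.
# "**" is left out on purpose: huge powers are an easy way to exhaust CPU/memory.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # assumed cap on input length, bounds parse depth and constant size


def _build(node):
    """Turn a whitelisted AST node into a function of x, or raise ValueError."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        value = node.value
        return lambda x: value
    if isinstance(node, ast.Name) and node.id == "x":
        return lambda x: x
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        op = _BINOPS[type(node.op)]
        left, right = _build(node.left), _build(node.right)
        return lambda x: op(left(x), right(x))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        op, operand = _UNARYOPS[type(node.op)], _build(node.operand)
        return lambda x: op(operand(x))
    # Calls, attribute access, subscripts, other names, strings, lambdas, ...
    raise ValueError("not allowed in f(x): " + type(node).__name__)


def compile_fx(source):
    """Return a callable f(x) for `source`, without ever calling eval/exec."""
    if len(source) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(source.strip(), mode="eval")  # parses only, runs nothing
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _build(tree.body)


def rejects(source):
    """True if compile_fx refuses `source`."""
    try:
        compile_fx(source)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    f = compile_fx("1/x + 2")               # constructed sample input
    print([f(v) for v in (2, 4)])
    print(rejects("__import__('os').getcwd()"))
```

Runtime errors such as `ZeroDivisionError` for `1/x` at `x = 0` are left to the caller to report.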


