Read any function in runtime
jack at 0x6a.com
Mon Oct 26 20:45:26 CET 2009
Matt McCredie wrote:
> Rhodri James <rhodri <at> wildebst.demon.co.uk> writes:
>> On Fri, 23 Oct 2009 17:39:40 +0100, Matt McCredie <mccredie <at> gmail.com>
>>> joao abrantes <senhor.abrantes <at> gmail.com> writes:
>>>> Hey. I want to make a program like this:print "Complete the function
>>> f(x)="then the user would enter x+2 or 1/x or any other function that
>>> only uses
>>> the variable x. Then my python program would calculate f(x) in some
>>> points for
>>> example in f(2),f(4).. etc . How can I do this?
>>> check out 'eval' or 'exec'.
>> Then check out all the reasons you shouldn't use them in an
>> environment that you don't trust absolutely -- if someone wipes
>> your hard disc, you won't get any sympathy from here.
>> The safe answer is to write yourself a small parser. Given that
>> you've got a very limited symbol set, that shouldn't be too hard.
> This should only be a concern if it is some sort of client/server app (like a
> web-app). If this is something that is going to be run on a local machine then
> the person running it could do just as much damage via the command line.
> While I agree that there is a danger if the input might come from untrusted
> users, and the original poster should be aware of that, writing your own parser
> only makes sense in those instances. If this application is run locally then
> users have access to the machine anyway.
> I don't want to give a (potentially) new user to python the impression that they
> need to be writing their own parser to solve this problem. It depends on where
> the input is coming from.
> Two things to note:
> 1. eval and exec are perfectly safe if the input is from a trusted source.
> 2. eval and exec are never safe if the input is not from a trusted source.
> Matt McCredie
I'd like to add that there are several lisp apps out there that give you
a REPL (for example stumpwm). A REPL could be seen as a sophisticated
Case in point, it is common in the lisp world. You could, in theory,
hose your system from inside emacs (and you may not even know
More information about the Python-list