Read any function in runtime
Jack Norton
jack at 0x6a.com
Mon Oct 26 15:45:26 EDT 2009
Matt McCredie wrote:
> Rhodri James <rhodri <at> wildebst.demon.co.uk> writes:
>
>
>> On Fri, 23 Oct 2009 17:39:40 +0100, Matt McCredie <mccredie <at> gmail.com>
>> wrote:
>>
>>
>>> joao abrantes <senhor.abrantes <at> gmail.com> writes:
>>>
>>>
>>>> Hey. I want to make a program like this: print "Complete the function
>>>> f(x)=" then the user would enter x+2 or 1/x or any other function that
>>>> only uses the variable x. Then my python program would calculate f(x)
>>>> in some points, for example in f(2), f(4).. etc. How can I do this?
>>>
>>> check out 'eval' or 'exec'.
>>>
>> Then check out all the reasons you shouldn't use them in an
>> environment that you don't trust absolutely -- if someone wipes
>> your hard disc, you won't get any sympathy from here.
>>
>> The safe answer is to write yourself a small parser. Given that
>> you've got a very limited symbol set, that shouldn't be too hard.
>>
>>
>
> This should only be a concern if it is some sort of client/server app (like a
> web-app). If this is something that is going to be run on a local machine then
> the person running it could do just as much damage via the command line.
>
> While I agree that there is a danger if the input might come from untrusted
> users, and the original poster should be aware of that, writing your own parser
> only makes sense in those instances. If this application is run locally then
> users have access to the machine anyway.
>
> I don't want to give a (potentially) new user to python the impression that they
> need to be writing their own parser to solve this problem. It depends on where
> the input is coming from.
>
> Two things to note:
> 1. eval and exec are perfectly safe if the input is from a trusted source.
> 2. eval and exec are never safe if the input is not from a trusted source.
>
> Matt McCredie
>
>
>
I'd like to add that there are several lisp apps out there that give you
a REPL (for example stumpwm). A REPL could be seen as a sophisticated
`eval' loop.
Case in point, it is common in the lisp world. You could, in theory,
hose your system from inside emacs (and you may not even know
it...hahaha).
-Jack
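
For the untrusted-input case discussed in this thread, here is a sketch of the "small parser" route. It is an added example, not code from any poster: it uses Python's `ast` module as the parser instead of a hand-written one and evaluates only whitelisted arithmetic on `x`. The names `compile_fx`, `MAX_LEN` and `MAX_EXPONENT` and their limits are assumptions.

```python
import ast
import operator

BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
          ast.Mult: operator.mul, ast.Div: operator.truediv,
          ast.Pow: operator.pow}
UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
# Every node type the tree may contain; anything else is rejected.
ALLOWED = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name,
           ast.Load, *BINOPS, *UNARYOPS)
MAX_LEN = 200       # assumed cap on input length
MAX_EXPONENT = 64   # assumed cap so 9**9**9**9 cannot exhaust CPU or memory


def _evaluate(node, x):
    """Evaluate an already-validated syntax tree for one value of x."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return x
    if isinstance(node, ast.UnaryOp):
        return UNARYOPS[type(node.op)](_evaluate(node.operand, x))
    left, right = _evaluate(node.left, x), _evaluate(node.right, x)
    if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
        raise ValueError("exponent too large")
    return BINOPS[type(node.op)](left, right)


def compile_fx(source):
    """Return f(x) for an arithmetic expression in x, or raise ValueError."""
    if len(source) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(source.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):      # calls, attributes, lambdas...
            raise ValueError("not allowed: " + type(node).__name__)
        if isinstance(node, ast.Name) and node.id != "x":
            raise ValueError("unknown name: " + node.id)
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            raise ValueError("only numeric constants are allowed")
    return lambda x: _evaluate(tree.body, x)


if __name__ == "__main__":
    f = compile_fx("x+2")   # constructed sample input
    print(f(2), f(4))
```

Arithmetic errors such as `ZeroDivisionError` for `1/x` at `x = 0` still propagate from the returned function, so the caller decides how to report them.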