Yet another attempt at a safe eval() call

Grant Edwards invalid at invalid.invalid
Fri Jan 4 00:25:51 CET 2013

I've written a small assembler in Python 2.[67], and it needs to
evaluate integer-valued arithmetic expressions in the context of a
symbol table that defines integer values for a set of names.  The
"right" thing is probably an expression parser/evaluator using ast,
but it looked like that would take more code than the rest of the
assembler combined, and I've got other higher-priority tasks to get
back to.

How badly am I deluding myself with the code below?

def lessDangerousEval(expr):
    global symbolTable
    if 'import' in expr:
        raise ParseError("operand expressions are not allowed to contain the string 'import'")
    globals = {'__builtins__': None}
    locals  = symbolTable
    return eval(expr, globals, locals)

I can guarantee that symbolTable is a dict that maps a set of string
symbol names to integer values.

Grant Edwards               grant.b.edwards        Yow! -- I have seen the
                                  at               FUN --
