Yet another attempt at a safe eval() call
Oscar Benjamin
oscar.j.benjamin at gmail.com
Sat Jan 5 10:56:31 EST 2013
On 4 January 2013 15:53, Grant Edwards <invalid at invalid.invalid> wrote:
> On 2013-01-04, Steven D'Aprano <steve+comp.lang.python at pearwood.info> wrote:
>> On Thu, 03 Jan 2013 23:25:51 +0000, Grant Edwards wrote:
>>
>> * But frankly, you should avoid eval, and write your own mini-integer
>> arithmetic evaluator which avoids even the most remote possibility
>> of exploit.
>
> That's obviously the "right" thing to do. I suppose I should figure
> out how to use the ast module.
Someone has already created a module that does this called numexpr. Is
there some reason why you don't want to use that?
>>> import numexpr
>>> numexpr.evaluate('2+4*5')
array(22, dtype=int32)
>>> numexpr.evaluate('2+a*5', {'a':4})
array(22L)
Oscar
More information about the Python-list
mailing list