[Python-Dev] Improved evaluator added to ast module (original) (raw)
Vinay Sajip vinay_sajip at yahoo.co.uk
Thu Oct 11 18:06:06 CEST 2012
- Previous message: [Python-Dev] hg verify warnings
- Next message: [Python-Dev] Improved evaluator added to ast module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In response to http://bugs.python.org/issue15452, I've created an improved evaluator in the ast module in my sandbox repo. The evaluator supports lookup of names in a supplied namespace. The basic interface is
def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False):
perform limited evaluation of Python expressions
Function calls are not allowed in expressions, but the following are:
- Names (looked up in namespace, and imported if not found there and allow_imports is True)
- Literals, just as literal_eval() does
- Array indexing and slicing
- Attribute access
- Arithmetic operators
- Bitwise operators
- Comparison operators
- in / not in
- and / or
- Unary operators
The patch is attached to the issue, and includes changes to replace the use of eval() by logging.config.fileConfig() to use ast.lookup_eval().
I would welcome review of the patch, particularly as there may be security implications (the issue is titled "Improve the security model for logging listener").
Barring objections, I plan to commit it in a week or so.
Regards,
Vinay Sajip
- Previous message: [Python-Dev] hg verify warnings
- Next message: [Python-Dev] Improved evaluator added to ast module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]