[Python-Dev] Improved evaluator added to ast module
Andrea Griffini agriff at tin.it
Sat Oct 20 10:24:36 CEST 2012
On Thu, Oct 18, 2012 at 5:41 PM, Georg Brandl <g.brandl at gmx.net> wrote:
> On 10/18/2012 03:16 PM, Daniel Holth wrote:
>> On Thu, Oct 11, 2012 at 1:36 PM, Vinay Sajip <vinaysajip at yahoo.co.uk> wrote:
>>> Daniel Holth <dholth gmail.com> writes:
>>>> How does this compare to the markerlib approach? In markerlib you just make sure all the AST nodes are in a set of allowed nodes, currently (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop), and then use the normal eval(). Is one way more secure / fast / flexible than the other?
>>>
>>> I don't think performance is an issue, and the markerlib approach seems just as reasonable as the one I've taken, except that it calls eval(), whereas my approach doesn't. It boils down to what should be allowed in expressions, and what shouldn't be.

I'm not sure if this is pertinent to the safe eval discussion, but currently it's possible to make Python crash with a segfault even by just parsing an expression.
See http://bugs.python.org/issue5765
Andrea
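
The allow-list approach described in the quoted text, with an input-length check placed before the parser is called, as an added example that is not code from markerlib, the ast module or any poster in this thread. It assumes a current Python 3 (where `ast.Constant` takes the place of `ast.Str`); `MAX_LEN`, the underscore-attribute check, the function names and `SAMPLE_NAMES` are hypothetical choices made for the illustration.

```python
import ast
from types import SimpleNamespace

# Allow-list from the thread; ast.Constant replaces ast.Str on current Pythons,
# and ast.Expression is the root node produced by mode="eval".
ALLOWED = (ast.Expression, ast.Compare, ast.BoolOp, ast.Attribute, ast.Name,
           ast.Load, ast.Constant, ast.cmpop, ast.boolop)
MAX_LEN = 256  # assumed cap: bounds the nesting depth the parser can be handed

def check_marker(source):
    """Parse source and return its AST, or raise ValueError if not allowed."""
    if len(source) > MAX_LEN:          # checked before parsing, not after
        raise ValueError("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise ValueError("cannot parse expression") from exc
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            raise ValueError("disallowed node: " + type(node).__name__)
        if isinstance(node, ast.Constant) and not isinstance(node.value, str):
            raise ValueError("only string constants are allowed")
        # Extra restriction (not from the thread): no underscore attributes.
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError("disallowed attribute: " + node.attr)
    return tree

def evaluate_marker(source, names):
    """Validate, then eval() with no builtins and only the given names."""
    code = compile(check_marker(source), "<marker>", "eval")
    return eval(code, {"__builtins__": {}}, dict(names))

def is_rejected(source):
    try:
        check_marker(source)
    except ValueError:
        return True
    return False

# Constructed sample environment, not real platform data.
SAMPLE_NAMES = {"os": SimpleNamespace(name="posix"), "python_version": "3.11"}

if __name__ == "__main__":
    print(evaluate_marker("os.name == 'posix' and python_version >= '2.7'",
                          SAMPLE_NAMES))
    for bad in ("len(os.name) > 0", "os.__class__ == ''", "(" * 5000 + "''"):
        print(repr(bad[:20]), "rejected:", is_rejected(bad))
```

The node check only runs on input the parser has already accepted, so the length limit is the part that addresses the parse-time concern raised in this message.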