Re: Safe eval of insecure strings containing Python data structures?

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Orestis Markou

    Re: Safe eval of insecure strings containing Python data structures?

    The ast module in 2.6 has something...

    On Thu, Oct 9, 2008 at 1:34 AM, Warren DeLano <warren@delsci. comwrote:
    >
    I would like to parse arbitrary insecure text string containing nested
    Python data structures in eval-compatible form:
    >
    # For example, given a "config.txt " such as:
    >
    {
    'my_atom' : 1.20,
    'my_dict' : { 2:50 , 'hi':'mom'},
    'my_list' : [ (1,2,3), [4.5,6.9], 'foo', 0 ]
    }
    >
    # I would like to do something like this:
    >
    empty_space = {'__builtins__' : {}}
    >
    try:
    config = eval(open("conf ig.txt").read() , empty_space, empty_space)
    except:
    config = {}
    >
    print config
    >
    # But I know for certain that the above approach is NOT secure since
    object attributes can still be accessed...
    >
    So is there an equally convenient yet secure alternative available for
    parsing strings containing Python data structure definitions?
    >
    Thanks in advance for any pointers!
    >
    Cheers,
    Warren
    >
    >
    --

    >


    --
    orestis@orestis .gr

Working...