In response to http://bugs.python.org/issue15452, I've created an improved evaluator in the ast module in my sandbox repo. The evaluator supports lookup of names in a supplied namespace. The basic interface is def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False): # perform limited evaluation of Python expressions Function calls are not allowed in expressions, but the following are: * Names (looked up in namespace, and imported if not found there and allow_imports is True) * Literals, just as literal_eval() does * Array indexing and slicing * Attribute access * Arithmetic operators * Bitwise operators * Comparison operators * in / not in * and / or * Unary operators The patch is attached to the issue, and includes changes to replace the use of eval() by logging.config.fileConfig() to use ast.lookup_eval(). I would welcome review of the patch, particularly as there may be security implications (the issue is titled "Improve the security model for logging listener"). Barring objections, I plan to commit it in a week or so. Regards, Vinay Sajip
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4