On Thu, Oct 11, 2012 at 12:34 PM, Benjamin Peterson <benjamin at python.org> wrote:
> 2012/10/11 Vinay Sajip <vinay_sajip at yahoo.co.uk>:
>> In response to http://bugs.python.org/issue15452, I've created an improved
>> evaluator in the ast module in my sandbox repo. The evaluator supports lookup of
>> names in a supplied namespace. The basic interface is
>>
>> def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False):
>>     # perform limited evaluation of Python expressions
>>
>> Function calls are not allowed in expressions, but the following are:
>>
>> * Names (looked up in namespace, and imported if not found there and
>>   allow_imports is True)
>> * Literals, just as literal_eval() does
>> * Array indexing and slicing
>> * Attribute access
>> * Arithmetic operators
>> * Bitwise operators
>> * Comparison operators
>> * in / not in
>> * and / or
>> * Unary operators
>
> With these operations, you can still cause a lot of trouble.
>
>>
>> The patch is attached to the issue, and includes changes to replace the use
>> of eval() by logging.config.fileConfig() to use ast.lookup_eval().
>>
>> I would welcome review of the patch, particularly as there may be security
>> implications (the issue is titled "Improve the security model for logging
>> listener").
>
> What exactly are you trying to prevent?

How does this compare to the markerlib approach? In markerlib you just make sure all the AST nodes are in a set of allowed nodes, currently (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop), and then use the normal eval(). Is one way more secure / fast / flexible than the other?

(https://bitbucket.org/dholth/markerlib/src/tip/markerlib/markers.py)

Thanks,
Daniel H
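As an added illustration of the node-whitelist approach Daniel describes (this is example code written for this page, not markerlib's or Vinay's patch): the expression is parsed with `ast.parse(mode="eval")`, every node is checked against an allowed set, and only then is the compiled tree handed to `eval()` with empty builtins. The allowed set follows the list quoted from markerlib, with `ast.Constant` standing in for `Str` on Python 3.8+ and `ast.Expression` added because it is the root node of an `eval`-mode parse. The refusal of attributes whose name starts with an underscore is an assumption of this example, not something the thread states; it is one of the extra checks a reviewer would want because `Attribute` plus `Name` is a larger surface than the comparisons the markers actually need.

```python
import ast

# Node types permitted in a marker-style expression. Mirrors the set named in
# the thread (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop);
# Constant replaces Str on modern Python, Expression is the eval-mode root.
ALLOWED_NODES = (
    ast.Expression,
    ast.Compare,
    ast.BoolOp,
    ast.Attribute,
    ast.Name,
    ast.Load,
    ast.Constant,
    ast.cmpop,   # base class of Eq, NotEq, Lt, In, NotIn, ...
    ast.boolop,  # base class of And, Or
)


def check_ast(tree, allowed=ALLOWED_NODES):
    """Raise ValueError if any node in `tree` falls outside `allowed`.

    Also rejects attribute names beginning with an underscore; this extra rule
    is an assumption of this example, added to keep Attribute access from
    reaching object internals that a marker expression never needs.
    """
    for node in ast.walk(tree):
        if not isinstance(node, allowed):
            raise ValueError("disallowed node: %s" % type(node).__name__)
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError("disallowed attribute: %s" % node.attr)
    return True


def is_allowed(source):
    """Return True if `source` parses and passes check_ast, else False."""
    try:
        check_ast(ast.parse(source, mode="eval"))
    except (SyntaxError, ValueError):
        return False
    return True


def restricted_eval(source, namespace):
    """Evaluate `source` after whitelisting its AST nodes.

    Names resolve only through `namespace`; builtins are emptied so that a
    bare Name cannot reach the interpreter's default globals.
    """
    tree = ast.parse(source, mode="eval")
    check_ast(tree)
    code = compile(tree, "<restricted>", "eval")
    return eval(code, {"__builtins__": {}}, dict(namespace))


if __name__ == "__main__":
    # Constructed sample namespace, in the shape of environment markers.
    env = {"python_version": "3.9", "sys_platform": "linux"}
    print(restricted_eval("python_version >= '3.4' and sys_platform == 'linux'", env))
    for expr in ("a == 1", "__import__('os')", "a.__class__", "a + 1"):
        print("%-20s allowed=%s" % (expr, is_allowed(expr)))
```

Note that the whitelist is deliberately narrower than Vinay's `lookup_eval()` operation list: no arithmetic, bitwise, indexing or unary operators are admitted, and anything outside the set (a `Call`, a `BinOp`, a `Subscript`) fails closed before `eval()` is reached. Whether the broader list is acceptable for `logging.config` is exactly the question Benjamin's reply raises.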