Python: make eval safe [duplicate]

by

are eval’s security issues fixable or
are there just too many tiny details
to get it working right?

Definitely the latter — a clever hacker will always manage to find a way around your precautions.

If you’re satisfied with plain expressions using elementary-type literals only, use ast.literal_eval — that’s what it’s for! For anything fancier, I recommend a parsing package, such as ply if you’re familiar and comfortable with the classic lexx/yacc approach, or pyparsing for a possibly more Pythonic approach.

More Related Contents:

  1. Why is using ‘eval’ a bad practice?
  2. Using python’s eval() vs. ast.literal_eval()
  3. What’s the difference between eval, exec, and compile?
  4. What does Python’s eval() do?
  5. Dynamically evaluate an expression from a formula in Pandas
  6. Security of Python’s eval() on untrusted strings?
  7. Use of eval in Python?
  8. Python eval: is it still dangerous if I disable builtins and attribute access?
  9. Python: How can I run eval() in the local scope of a function
  10. AttributeError: ‘PandasExprVisitor’ object has no attribute ‘visit_Ellipsis’, using pandas eval
  11. Why does ast.literal_eval(‘5 * 7’) fail?
  12. eval fails in list comprehension [duplicate]
  13. Converting python string into bytes directly without eval()
  14. How does str(list) work?
  15. Why is Python’s eval() rejecting this multiline string, and how can I fix it?
  16. Running Python code contained in a string
  17. Explanation of how nested list comprehension works?
  18. Why does Python code run faster in a function?
  19. What’s the purpose of “send” function on Python generators?
  20. python selenium click on button
  21. Python string ‘join’ is faster (?) than ‘+’, but what’s wrong here?
  22. Record speakers output with PyAudio
  23. Using hyphen/dash in python repository name and package name
  24. How can I know which exceptions might be thrown from a method call?
  25. What is the purpose of the colon before a block in Python?
  26. Read timeout using either urllib2 or any other http library
  27. Compare XML snippets?
  28. Tkinter – Geometry management
  29. cross-platform splitting of path in python
  30. Pandas: Find rows which don’t exist in another DataFrame by multiple columns

Leave a Comment