Re: [Numpy-discussion] How to use user input as equation directly

2016-10-28 Thread Robert McLeod 
On Thu, Oct 27, 2016 at 11:35 PM, Benjamin Root 
wrote:

> Perhaps the numexpr package might be safer? Not exactly meant for this
> situation (meant for optimizations), but the evaluator is pretty darn safe.
>
>
It would not be able to evaluate something like 'np.arange(50)' for
example, since it only has a limited subset of numpy functionality. In the
example provided that or linspace is likely the natural input for the
variable 't'.

-- 
Robert McLeod, Ph.D.
Center for Cellular Imaging and Nano Analytics (C-CINA)
Biozentrum der Universität Basel
Mattenstrasse 26, 4058 Basel
Work: +41.061.387.3225
robert.mcl...@unibas.ch
robert.mcl...@bsse.ethz.ch 
robbmcl...@gmail.com
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-28 Thread Ben Rowland 
It is important to bear in mind where the code is being run - if this is 
something running on a researcher’s own system, they almost certainly have lots 
of other ways of messing it up. These kind of security vulnerabilities are 
normally only relevant when you are running code that came from somewhere else.

That being said, this use case sounds like it could work with the Jupyter 
notebook. If you want something that is like typing code into a .py file but 
evaluated at run time instead, why not just use an interactive Python REPL 
instead of eval(input()).

Ben

> On 27 Oct 2016, at 17:52, Benjamin Root  wrote:
> 
> "only be used by engineers/scientists for research"
> 
> Famous last words. I know plenty of scientists who would love to "do 
> research" with an exposed eval(). Full disclosure, I personally added a 
> security hole into matplotlib thinking I covered all my bases in protecting 
> an eval() statement.
> 
> Ben Root
> 
> On Thu, Oct 27, 2016 at 4:21 PM, djxvillain  > wrote:
> This will not be a public product and will only be used by other
> engineers/scientists for research.  I don't think security should be a huge
> issue, but I appreciate your input and concern for the quality of my code.
> 
> 
> 
> --
> View this message in context: 
> http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43670.html
>  
> 
> Sent from the Numpy-discussion mailing list archive at Nabble.com.
> ___
> NumPy-Discussion mailing list
> NumPy-Discussion@scipy.org 
> https://mail.scipy.org/mailman/listinfo/numpy-discussion 
> 
> 
> ___
> NumPy-Discussion mailing list
> NumPy-Discussion@scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion

___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Benjamin Root 
"only be used by engineers/scientists for research"

Famous last words. I know plenty of scientists who would love to "do
research" with an exposed eval(). Full disclosure, I personally added a
security hole into matplotlib thinking I covered all my bases in protecting
an eval() statement.

Ben Root

On Thu, Oct 27, 2016 at 4:21 PM, djxvillain  wrote:

> This will not be a public product and will only be used by other
> engineers/scientists for research.  I don't think security should be a huge
> issue, but I appreciate your input and concern for the quality of my code.
>
>
>
> --
> View this message in context: http://numpy-discussion.10968.
> n7.nabble.com/How-to-use-user-input-as-equation-directly-
> tp43665p43670.html
> Sent from the Numpy-discussion mailing list archive at Nabble.com.
> ___
> NumPy-Discussion mailing list
> NumPy-Discussion@scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain 
This will not be a public product and will only be used by other
engineers/scientists for research.  I don't think security should be a huge
issue, but I appreciate your input and concern for the quality of my code.



--
View this message in context: 
http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43670.html
Sent from the Numpy-discussion mailing list archive at Nabble.com.
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Benjamin Root 
Perhaps the numexpr package might be safer? Not exactly meant for this
situation (meant for optimizations), but the evaluator is pretty darn safe.

Ben Root

On Thu, Oct 27, 2016 at 5:33 PM, John Ladasky  wrote:

> This isn't just a Numpy issue.  You are interested in Python's eval().
>
> Keep in mind that any programming language that blurs the line between
> code and data (many do not) has a potential security vulnerability.  What
> if your user doesn't type
>
> "x = 2*np.sin(2*np.pi*44100*t+np.pi/2)"
>
> but instead types this:
>
> "import os ; os.remove('/home')"
>
> I do NOT recommend that you eval() the second statement.
>
> You can try to write code which traps unwanted input before you eval()
> it.  It's apparently quite hard to stop everything bad from getting through.
>
>
> On Thu, Oct 27, 2016 at 12:58 PM, djxvillain  wrote:
>
>> Hello all,
>>
>> I am an electrical engineer and new to numpy.  I need the ability to take
>> in
>> user input, and use that input as a variable.  For example:
>>
>> t = input('enter t: ')
>> x = input('enter x: ')
>>
>> I need the user to be able to enter something like x =
>> 2*np.sin(2*np.pi*44100*t+np.pi/2) and it be the same as if they just
>> typed
>> it in the .py file.  There's no clean way to cast or evaluate it that I've
>> found.
>>
>> I could make a function to parse this string character by character, but I
>> figured this is probably a common problem and someone else has probably
>> figured it out and created an object for it.  I can't find a library that
>> does it though.
>>
>> If I can provide any more information please let me know.  Thank you in
>> advance for your help.
>>
>>
>>
>> --
>> View this message in context: http://numpy-discussion.10968.
>> n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665.html
>> Sent from the Numpy-discussion mailing list archive at Nabble.com.
>> ___
>> NumPy-Discussion mailing list
>> NumPy-Discussion@scipy.org
>> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>>
>
>
>
> --
> *John J. Ladasky Jr., Ph.D.*
> *Research Scientist*
> *International Technological University*
> *2711 N. First St, San Jose, CA 95134 USA*
>
> ___
> NumPy-Discussion mailing list
> NumPy-Discussion@scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>
>
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread John Ladasky 
This isn't just a Numpy issue.  You are interested in Python's eval().

Keep in mind that any programming language that blurs the line between code
and data (many do not) has a potential security vulnerability.  What if
your user doesn't type

"x = 2*np.sin(2*np.pi*44100*t+np.pi/2)"

but instead types this:

"import os ; os.remove('/home')"

I do NOT recommend that you eval() the second statement.

You can try to write code which traps unwanted input before you eval() it.
It's apparently quite hard to stop everything bad from getting through.


On Thu, Oct 27, 2016 at 12:58 PM, djxvillain  wrote:

> Hello all,
>
> I am an electrical engineer and new to numpy.  I need the ability to take
> in
> user input, and use that input as a variable.  For example:
>
> t = input('enter t: ')
> x = input('enter x: ')
>
> I need the user to be able to enter something like x =
> 2*np.sin(2*np.pi*44100*t+np.pi/2) and it be the same as if they just typed
> it in the .py file.  There's no clean way to cast or evaluate it that I've
> found.
>
> I could make a function to parse this string character by character, but I
> figured this is probably a common problem and someone else has probably
> figured it out and created an object for it.  I can't find a library that
> does it though.
>
> If I can provide any more information please let me know.  Thank you in
> advance for your help.
>
>
>
> --
> View this message in context: http://numpy-discussion.10968.
> n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665.html
> Sent from the Numpy-discussion mailing list archive at Nabble.com.
> ___
> NumPy-Discussion mailing list
> NumPy-Discussion@scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>



-- 
*John J. Ladasky Jr., Ph.D.*
*Research Scientist*
*International Technological University*
*2711 N. First St, San Jose, CA 95134 USA*
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain 
That worked perfectly.  I've been googling how to do this, I guess I didn't
phrase it correctly.  Thank you very much.  You just saved me a ton of time.



--
View this message in context: 
http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43667.html
Sent from the Numpy-discussion mailing list archive at Nabble.com.
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Ryan May 
On Thu, Oct 27, 2016 at 1:58 PM, djxvillain  wrote:

> Hello all,
>
> I am an electrical engineer and new to numpy.  I need the ability to take
> in
> user input, and use that input as a variable.  For example:
>
> t = input('enter t: ')
> x = input('enter x: ')
>
> I need the user to be able to enter something like x =
> 2*np.sin(2*np.pi*44100*t+np.pi/2) and it be the same as if they just typed
> it in the .py file.  There's no clean way to cast or evaluate it that I've
> found.
>

Are you aware of Python's eval function:
https://docs.python.org/3/library/functions.html#eval

?

Ryan

-- 
Ryan May
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion

[Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain 
Hello all,

I am an electrical engineer and new to numpy.  I need the ability to take in
user input, and use that input as a variable.  For example:

t = input('enter t: ')
x = input('enter x: ')

I need the user to be able to enter something like x =
2*np.sin(2*np.pi*44100*t+np.pi/2) and it be the same as if they just typed
it in the .py file.  There's no clean way to cast or evaluate it that I've
found.

I could make a function to parse this string character by character, but I
figured this is probably a common problem and someone else has probably
figured it out and created an object for it.  I can't find a library that
does it though.

If I can provide any more information please let me know.  Thank you in
advance for your help.



--
View this message in context: 
http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665.html
Sent from the Numpy-discussion mailing list archive at Nabble.com.
___
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion