Phil Hassey wrote:
I spent some time today working on building a safe_eval function that
would make it "safe" to run user submitted bots in games
After fixing it to work with Python 2.3, I had a bash
on it, and I couldn't find a way of breaking it in an
evening or so of devious thought. So it looks pretty
good to me so far.
I did notice a couple of restrictions that don't
seem to be necessary:
* You seem to be disallowing any string literals
containing "__". This is futile, since you can
build up any string you want at run time.
* You're disallowing lambda while allowing def,
but anything you could do with a lambda could be
done with a def just as well, as far as I can
see.
BTW, shouldn't it really be called safe_exec rather
than safe_eval? It works on more than just expressions!
--
Greg
