Greg,

Thanks for giving it a try :)

I'll add in the name safe_exec, since that makes sense :)

As for disallowing __ string literals - this is because in my search of the 
parse tree, I use a simple, yet exhaustive search of all attributes for 
anything that looks bad.  Having it customized for certain nodes would be a bit 
more complex.

At one point - I had it reject *anything* that had a single _ in it.  However, 
I decided that defeated my goal of "safe and usable subset of python".  I use 
lots of variables_named_like_this.  I don't think the loss of "__" is too harsh.

As for disallowing lambda - it's probably not necessary, but lambda falls into 
the category of "slightly magical" and not used that much.  I'd just as well 
leave it out for my purposes.  (Though you can add it back into your use of 
safe.py if you think it's okay.)

BTW - check out what Leonard did with the type() function.  Yikes!

I've made some updates to the script - 
http://www.imitationpickles.org/tmp/safe.py ... What in particular did you have 
to change to make it work with python 2.3?

Later,
Phil

Greg Ewing <[EMAIL PROTECTED]> wrote:

Phil Hassey wrote:

> I spent some time today working on building a safe_eval function that 
> would make it "safe" to run user submitted bots in games

After fixing it to work with Python 2.3, I had a bash
on it, and I couldn't find a way of breaking it in an
evening or so of devious thought. So it looks pretty
good to me so far.

I did notice a couple of restrictions that don't
seem to be necessary:

   * You seem to be disallowing any string literals
     containing "__". This is futile, since you can
     build up any string you want at run time.

   * You're disallowing lambda while allowing def,
     but anything you could do with a lambda could be
     done with a def just as well, as far as I can
     see.

BTW, shouldn't it really be called safe_exec rather
than safe_eval? It works on more than just expressions!

--
Greg
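Worked example, added here for readers of the archive; it is not Phil's safe.py and not Greg's 2.3 port. It reproduces the two checking styles the thread argues about: the "exhaustive search of all attributes" walk (every string-valued field of every parse-tree node is scanned for "__", which is why string literals get caught as a side effect) and the node-specific variant Greg suggests (same walk, literals exempted). It also makes Greg's objection concrete: a string assembled at run time never trips the literal rule, and what actually keeps that string harmless is that the restricted builtins offer nothing (no getattr, no type) to turn it into an attribute lookup. The function names (check_subset, safe_exec, SAFE_BUILTINS, runtime_string_bypass_is_inert), the node blacklist and the builtin whitelist are this example's own choices; it uses the modern ast module rather than the 2.x compiler module safe.py would have used.

```python
import ast

class SubsetViolation(Exception):
    """Raised when submitted source falls outside the allowed subset."""

# Statement kinds that have no business in a game bot (assumed policy).
DISALLOWED_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal)

# Builtins handed to bot code. Deliberately no getattr/setattr, no type,
# no __import__, no open: the checker only looks at syntax, so whatever
# survives here is all that a run-time-assembled string can reach.
SAFE_BUILTINS = {
    "len": len, "range": range, "abs": abs, "min": min, "max": max,
    "int": int, "float": float, "str": str, "list": list, "dict": dict,
}

def check_subset(source, exempt_string_literals=False):
    """Return a list of violations; an empty list means the source is accepted.

    Every str-valued field of every node is inspected for "__", which is the
    'exhaustive search of all attributes' style of check: it covers names
    (ast.Name.id), attribute names (ast.Attribute.attr), function and
    parameter names and, as a side effect, string literal values
    (ast.Constant.value). exempt_string_literals=True gives the node-specific
    variant that leaves literals alone.
    """
    problems = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, DISALLOWED_NODES):
            problems.append("%s is not allowed" % type(node).__name__)
            continue
        if exempt_string_literals and isinstance(node, ast.Constant):
            continue
        for field, value in ast.iter_fields(node):
            if isinstance(value, str) and "__" in value:
                problems.append("%s.%s contains '__': %r"
                                % (type(node).__name__, field, value))
    return problems

def safe_exec(source, env=None, exempt_string_literals=False):
    """Check the source, then exec it with only SAFE_BUILTINS available.
    Returns the namespace so the caller can pull out the bot's functions."""
    problems = check_subset(source, exempt_string_literals)
    if problems:
        raise SubsetViolation("; ".join(problems))
    namespace = {"__builtins__": SAFE_BUILTINS}
    namespace.update(env or {})
    exec(compile(source, "<bot>", "exec"), namespace)
    return namespace

def runtime_string_bypass_is_inert():
    """Greg's objection made concrete. "__class__" is assembled at run time,
    so no string literal contains "__" and the literal rule never fires; the
    source passes the checker. What stops the bot is that getattr is absent
    from SAFE_BUILTINS, so the string cannot become an attribute lookup.
    Returns True when that holds."""
    source = ('name = "_" * 2 + "class" + "_" * 2\n'
              'leaked = getattr(obj, name)\n')
    assert check_subset(source) == []          # literal check is blind here
    try:
        safe_exec(source, {"obj": object()})
    except NameError:                          # getattr is not defined
        return True
    return False

if __name__ == "__main__":
    # Attribute access is where "__" carries its weight: rejected at parse time.
    print(check_subset("leak = obj.__class__"))
    # lambda and def pass the same checks; a Lambda node has no field a def lacks.
    print(check_subset("f = lambda a: a + 1"),
          check_subset("def f(a):\n    return a + 1"))
    print(runtime_string_bypass_is_inert())
```

The rule doing the real work is the one on Attribute and Name fields; the literal rule adds nothing beyond what the exempting variant already enforces, and the lambda/def distinction does not show up at all, since both produce the same kinds of string fields. This is an illustration of the checking technique, not a claim that the subset is escape-proof: Python's own rexec and Bastion were dropped from the standard library because restricted-execution sandboxes of this kind kept being escaped, so the builtin whitelist deserves as much scrutiny as the parse-tree walk.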


 