Claudiu Popa added the comment:

Here's a patch which uses ast.literal_eval instead. This doesn't get code executed, since literal_eval will fail loudly for anything other than a literal. There are some issues to consider:

- let the current ast.literal_eval call bubble out with a lot of different exceptions
- normalize the exception to dbm.dumb.error

I'm leaning towards the first, since it clearly shows that something bad happened in the module and it's a first indicator that someone tampered with the data file.

----------
keywords: +patch
nosy: +Claudiu.Popa
Added file: http://bugs.python.org/file37812/issue22885.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22885>
_______________________________________
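The two exception-handling options weighed in the comment above, side by side, as an added example (not the attached patch and not CPython's code). It assumes index lines of the shape `repr(key), (pos, size)`; the sample lines are constructed and the function names are hypothetical.

```python
import ast
import dbm.dumb

DBM_ERROR = dbm.dumb.error  # the module's own error type named in the comment

# Constructed index lines, assumed shape: repr(key), (pos, size)
SAMPLE_LINES = [
    "'alpha', (0, 5)",       # well-formed entry
    "len('alpha'), (0, 5)",  # contains a call, so it is not a literal
    "'alpha', (0, 5",        # truncated entry
    "'alpha', 5",            # a literal, but the wrong shape
]


def parse_bubbling(line):
    """Option 1: let whatever literal_eval or the unpacking raises propagate."""
    key, (pos, size) = ast.literal_eval(line)
    return key, pos, size


def parse_normalized(line):
    """Option 2: fold every parse failure into dbm.dumb.error."""
    try:
        return parse_bubbling(line)
    except (ValueError, SyntaxError, TypeError) as exc:
        # Chain the original exception so the cause is still visible.
        raise DBM_ERROR(f"corrupt index entry: {line!r}") from exc


def classify(parser, line):
    """Return the parsed tuple, or the type of the exception that was raised."""
    try:
        return parser(line)
    except Exception as exc:
        return type(exc)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(repr(line), classify(parse_bubbling, line),
              classify(parse_normalized, line))
```

With option 1 the three bad lines surface as three different exception types, so a caller that only catches `dbm.dumb.error` will not see them; with option 2 they all arrive as one type and the original cause is kept in `__cause__`.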