On Thu, Oct 11, 2012 at 12:34 PM, Benjamin Peterson <benja...@python.org> wrote: > 2012/10/11 Vinay Sajip <vinay_sa...@yahoo.co.uk>: >> In response to http://bugs.python.org/issue15452, I've created an improved >> evaluator in the ast module in my sandbox repo. The evaluator supports >> lookup of >> names in a supplied namespace. The basic interface is >> >> def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False): >> # perform limited evaluation of Python expressions >> >> Function calls are not allowed in expressions, but the following are: >> >> * Names (looked up in namespace, and imported if not found there and >> allow_imports is True) >> * Literals, just as literal_eval() does >> * Array indexing and slicing >> * Attribute access >> * Arithmetic operators >> * Bitwise operators >> * Comparison operators >> * in / not in >> * and / or >> * Unary operators > > With this operations, you can still cause a lot of trouble. > >> >> The patch is attached to the issue, and includes changes to replace the use >> of eval() by logging.config.fileConfig() to use ast.lookup_eval(). >> >> I would welcome review of the patch, particularly as there may be security >> implications (the issue is titled "Improve the security model for logging >> listener"). > > What exactly are you trying to prevent?
How does this compare to the markerlib approach? In markerlib you just make sure all the AST nodes are in a set of allowed nodes, currently (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop), and then use the normal eval(). Is one way more secure / fast / flexible than the other? (https://bitbucket.org/dholth/markerlib/src/tip/markerlib/markers.py) Thanks, Daniel H _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
