On Thu, 15 Jan 2009 03:29:59 -0800, mario ruggier wrote:
> Hello,
>
> I would like to evaluate list comprehension expressions, from within
> which I'd like to call a function. For a first level it works fine but
> for second level it seems to lose the "_[1]" variable it uses internally
> to accumulate the results. Some sample code is:
>
> class GetItemEvaluator(object):
> def __init__(self):
> self.globals = globals() # some dict (never changes)
Would you like to put a small wager on that?
>>> len(gie.globals)
64
>>> something_new = 0
>>> len(gie.globals)
65
> self.globals["ts"] = self.ts
> self.globals["join"] = "".join
> self.locals = {} # changes on each evaluation
> def __getitem__(self, expr):
> return eval(expr, self.globals, self.locals)
Can you say "Great Big Security Hole"?
>>> gie = GetItemEvaluator()
>>> gie['__import__("os").system("ls")']
dicttest dumb.py rank.py sorting
startup.py
0
http://cwe.mitre.org/data/definitions/95.html
--
Steven
--
http://mail.python.org/mailman/listinfo/python-list
