On Jan 16, 1:35 pm, ajaksu <[email protected]> wrote:
> On Jan 16, 5:09 am, mario ruggier <[email protected]> wrote:
>
> > Laboriously doing all these
> > checks on each expr eval will be very performance heavy, so I hope to
> > be able to limit access to all these more efficiently. Suggestions?
>
> None regarding the general issue, a try:except to handle this one:
>
> '(x for x in ()).throw("bork")'

What is the potential security risk with this one?

To handle this and situations like the ones pointed out above on this
thread, I will probably effect the following change to the
evoque.evaluator.RestrictedEvaluator class, and that is to replace the
'if name.find("__")!=-1:' with an re.search... where the re is defined
as:

    restricted = re.compile(r"|\.".join([
        "__", "func_", "f_", "im_", "tb_", "gi_", "throw"]))

and the test becomes simply:

    if restricted.search(name):

All the above attempts will be blocked this way. Any other
disallow-sub-strings to add to the list above?

And thanks a lot Daniel, need to find a way to get some beer over to
ya... ;-)

mario
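
An added example, not part of the original message and not Evoque's own code: the pattern posted above run against the expression quoted in the thread, beside a variant that applies the same disallow list to parsed identifiers and reports which name was refused. The names `regex_refuses`, `refused_names` and `DENIED_PREFIXES`, and every sample expression except the first, are assumptions made for illustration.

```python
import ast
import re

# Pattern exactly as posted above: "__" matches anywhere in the text,
# every other entry only directly after a dot.
restricted = re.compile(r"|\.".join([
    "__", "func_", "f_", "im_", "tb_", "gi_", "throw"]))

DENIED_PREFIXES = ("func_", "f_", "im_", "tb_", "gi_", "throw")


def regex_refuses(expr):
    """The test from the message: search the raw expression text."""
    return restricted.search(expr) is not None


def refused_names(expr):
    """Assumed variant: parse first, then apply the same list to each
    identifier. Returns the offending names (empty list = allowed)."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError:
        return ["<unparsable>"]  # refuse anything that is not one expression
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute):
            if "__" in node.attr or node.attr.startswith(DENIED_PREFIXES):
                hits.append(node.attr)
        elif isinstance(node, ast.Name) and "__" in node.id:
            hits.append(node.id)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if "__" in node.value:  # keep the regex's strictness on literals
                hits.append(repr(node.value))
    return hits


# Constructed samples; only the first expression comes from the thread.
SAMPLES = [
    '(x for x in ()).throw("bork")',
    "item.func_globals",
    "item.__class__",
    "item.title.upper()",
    "f_count + 1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(regex_refuses(s), refused_names(s), s)
```

Because `refused_names` returns the names it matched, the evaluator can log what was refused instead of only rejecting the expression.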