On 1/22/18 3:22 AM, ken...@gameofy.com wrote:
I'm using exec() to run a (multi-line) string of python code. If an
exception occurs, I get a traceback containing a stack frame for the
string. I've labeled the code object with a "file name" so I can
identify it easily, and when I debug, I find that I can interact with
the context of that stack frame, which is pretty handy.
What I would like to also be able to do is make the code string
visible to the debugger so I can look at and step through the code in
the string as if it were from a python file.
Lest this topic forks into a security discussion, I'll just add that
for my purposes the data source is trusted. If you really want to talk
about the security of using exec and eval, fine, but start another
thread (BTW, I've written a simple secure eval())....
I haven't tried this, but what if you write the string to a temporary
file, and then claim that the code came from that file? Code objects are
immutable, so you'll need to recompile a new code object, but then you
can poke that object into the frame (I think?). It will be fiddly, and
may not work at all, as is typical with hacking at this level of the
interpreter.
I'm still interested in your simple secure eval if you have the time to
tell us about it.
--Ned.
--
https://mail.python.org/mailman/listinfo/python-list
