Can't get [4]*(1<<30)] to work with

sage: s = "1,2,3,4,100"
sage: [ZZ(x) for x in s.split(',')]
[1, 2, 3, 4, 100]

I am using a try/exception on the input from the field in the form.
If one puts any strange string it shows an error.

Robert, did you see my post for help with my API?

On Sep 14, 7:59 pm, Robert Bradshaw <[email protected]>
wrote:
> On Sep 14, 2009, at 12:09 PM, Mikie wrote:
>
> > Robert,
>
> > Can I use your technique above to input this string?  The "[5]*3"
> > gives me a problem
>
> > L1="[3,10,15,23,25,30,3,[5]*3]"
>
> You can, but here you're getting to the point where you're allowing  
> arbitrary input, not just a list of integers. What about "[1, 2, 3,  
> [4]*(1<<30)]"? How much memory do you have on your machine?
>
> - Robert
>
> > On Sep 10, 1:56 pm, Robert Bradshaw <[email protected]>
> > wrote:
> >> On Sep 10, 2009, at 12:24 PM, Robert Bradshaw wrote:
>
> >>> On Sep 9, 2009, at 9:01 AM, Tim Dumol wrote:
>
> >>>> `eval(the_string, globals = {"__builtins__":None}, locals = {})`
> >>>> should do it. This removes access from all functions. Add any
> >>>> functions that are needed by adding them to the "locals"  
> >>>> dictionary.
>
> >>>> As stated in: http://stackoverflow.com/questions/661084/security-of-pythons-eval-on-untrusted-strings
> >>>> and http://lybniz2.sourceforge.net/safeeval.html
>
> >>> Wow, this works, though for much deeper reasons than those given
> >>> above.
>
> >>> sage: [].__class__.__subclasses__()[2].is_mutable.__func__.__globals__['__builtins__']
> >>> {'ArithmeticError': <type 'exceptions.ArithmeticError'>,
> >>> ...
> >>> 'zip': <built-in function zip>}
>
> >>> sage: eval("[].__class__.__subclasses__()[2].is_mutable.__func__.__globals__['__builtins__']", {"__builtins__":None}, {})
> >>> ------------------------------------------------------------
> >>> Traceback (most recent call last):
> >>>    File "<ipython console>", line 1, in <module>
> >>>    File "<string>", line 1, in <module>
> >>> RuntimeError: restricted attribute
>
> >>> Even
>
> >>> sage: eval("[].__class__.__subclasses__()[2]([]).save('foo.txt')",
> >>> {"__builtins__": None}, {})
> >>> ------------------------------------------------------------
> >>> Traceback (most recent call last):
> >>>    File "<ipython console>", line 1, in <module>
> >>>    File "<string>", line 1, in <module>
> >>>    File "sage_object.pyx", line 150, in sage.structure.sage_object.SageObject.save (sage/structure/sage_object.c:1894)
> >>> IOError: file() constructor not accessible in restricted mode
>
> >>> In short, if globals()['__builtins__'] != __builtins__ it runs in
> >>> "Restricted mode" which disallows certain introspections and other
> >>> operations. I don't know that it's bullet proof, but it looks pretty
> >>> solid.
>
> >> A little googling yielded
>
> >> http://www.dalkescientific.com/writings/diary/archive/2008/03/03/restricted_python.html
>
> >> which is one (of who knows how many) holes in restricted mode.
>
> >> - Robert
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/sage-support
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
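
The trade-off discussed in this thread (accepting input such as "[5]*3" while refusing "[4]*(1<<30)", without relying on a restricted eval() that has known holes) can be handled by walking the parsed syntax tree instead of evaluating it. This is an added example, not code from the thread or from Sage; `parse_int_list`, `UnsafeInput` and the two caps are hypothetical names and assumed limits, and the result contains plain Python ints.

```python
import ast

MAX_CHARS = 2000  # assumed cap on raw input length
MAX_ITEMS = 1000  # assumed cap on lists plus integers in the result

class UnsafeInput(ValueError):
    """Input is not a plain, possibly nested, list of integers."""

def parse_int_list(text, max_items=MAX_ITEMS):
    """Hypothetical helper: parse '[3,10,[5]*3]' by walking the AST, no eval()."""
    if len(text) > MAX_CHARS:
        raise UnsafeInput("input too long")
    try:
        root = ast.parse(text.strip(), mode="eval").body
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise UnsafeInput("not a valid expression") from exc
    budget = [max_items]  # remaining allowance, shared by the nested helpers

    def spend(n):
        budget[0] -= n
        if budget[0] < 0:
            raise UnsafeInput("result would exceed %d items" % max_items)

    def integer(node):
        sign = 1
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            node, sign = node.operand, -1
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return sign * node.value
        raise UnsafeInput("only integer literals are allowed")

    def walk(node):
        if isinstance(node, ast.List):
            spend(1)
            return [walk(elt) for elt in node.elts]
        if (isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mult)
                and isinstance(node.left, ast.List)):
            count = integer(node.right)  # "(1<<30)" is a BinOp, so rejected
            before = budget[0]
            unit = walk(node.left)
            # Charge for every copy before the repeated list is built.
            spend((before - budget[0]) * max(count - 1, 0))
            return unit * count
        spend(1)
        return integer(node)
    result = walk(root)
    if not isinstance(result, list):
        raise UnsafeInput("top level must be a list")
    return result
```

Attribute access, calls, names, shifts and non-integer literals all fall through to the final `integer()` check and raise `UnsafeInput`, so the form handler only needs to catch that one exception.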
