Sorry, I should clarify something No one has taught me anything, I have been 
trying to learn all this on my own. To be honest much of the code I have is 
taken from examples and modified for what I was trying to do. Talk about 
learning the Hard Way!!! 

I have actually made everything work
My test.py is simply a print ("it works")
The way I made it work was to execfile the subject +.py, Again this is a small 
embedded device (BeagleBone Black) that will be using a mobile hotspot for 
internet, the hotspot has a private ip (Verizon) so I cannot access the server 
from outside the network. As such and because I am looking for ways to minimize 
data usage I want to be able interact with the device through email 
commands...... 
The code is not pretty and I have no doubt that there are thousands of ways for 
it to be hacked or messed up since there is little to no error checking in it. 
I don’t know enough to do so yet sorry I am doing the best I can and have only 
started learning python a week ago. 
I still have to add in a more complex command system that will allow me to 
change a settings page. So for example if I sent an email to the devices 
registered email address with the command 
NEW_OWNER(emailaddr...@email.com),(PASSWORD) it would change the Owners email 
to the one listed in the subject and only accept emails from that email address 
if the password matches. 
My plan is to have an email template that the script will reply back with that 
will have the commands listed in html so when the command is clicked from the 
email it will automatically open the email app and add in the keyword in the 
subject line to help eliminate typo errors.. 

Each Keyword is an .py script that this script will start it does not yet have 
a way of doing more complex changes like what I listed above and while I wish I 
could say that I wrote all this script from scratch the truth is I butchered 
other scripts from examples and made it work. But It is helping me learn (ALONG 
WITH GIVING ME A LOT OF GRAY HAIRS) that being said I love how python can be 
SIMPLE or as complex as you need it!

Sorry for what may seem like dumb questions I really do want to thank all of 
you for your help! 
 
#!/usr/bin/env python

import sys
import imaplib
import getpass
import email
import email.header


EMAIL_ACCOUNT = "myem...@gmail.com" # the email account that py will check
EMAIL_FOLDER = "INBOX"
OWNER = "willie14...@outlook.com"
COMMAND_FILE = open("output.txt","w")


def process_mailbox(M):

    rv, data = M.search(None, "From",(OWNER))
    if rv != 'OK':
        print "No messages found!"
        return

    for num in data[0].split():
        rv, data = M.fetch(num, '(RFC822)')
        if rv != 'OK':
            print "ERROR getting message", num
            return

        msg = email.message_from_string(data[0][1])
        decode = email.header.decode_header(msg['Subject'])[0]
        subject = unicode(decode[0])
        print '%s' % (subject)
        COMMAND_FILE.write('%s' % (subject)+'.py')
        COMMAND_FILE.close()
        EX = '%s' %(subject)+'.py' #save the subject as an name.py
        execfile (EX) # exe name as a py 
        
M = imaplib.IMAP4_SSL('imap.gmail.com')

try:
    rv, data = M.login(EMAIL_ACCOUNT, getpass.getpass())
except imaplib.IMAP4.error:
    print "LOGIN FAILED!!! "
    sys.exit(1)

print rv, data

rv, mailboxes = M.list()
#if rv == 'OK':
    #print "Mailboxes:"
    #print mailboxes

rv, data = M.select(EMAIL_FOLDER)
if rv == 'OK':
    print "Processing mailbox...\n"
    process_mailbox(M)
    M.select('INBOX')  
    M.store("1:*", '+FLAGS', '\\Deleted')  #Flag all Trash as Deleted
    M.expunge()
    M.close()
else:
    print "ERROR: Unable to open mailbox ", rv

M.logout()


-----Original Message-----
From: Danny Yoo [mailto:d...@hashcollision.org] 
Sent: Friday, February 27, 2015 7:27 PM
To: willie14...@outlook.com
Cc: Python Tutor Mailing List
Subject: Re: [Tutor] Use python to parse the subject line of emails, listen for 
and react to commands

> That's nearly always a bad idea. eval is a big security risk, 
> especially if applied to external input. And as you've discovered, it 
> makes debugging into a bit of a nightmare.

Yes, I concur with Alan.  eval() is definitely the wrong tool here.
It's **extraordinarily** dangerous in the context of consuming arbitrary email 
input.

Did anyone teach you to use eval()?


An alternative approach to what you're considering is to define a mapping from 
command name to functionality.  A quick-and-dirty approach uses a dictionary, 
and may have enough power for what you're
trying to do.   Here's an example to demonstrate: let's say that we'd
like a calculator that takes a sequence of operations, like:

     zero
     inc
     inc
     double

and performs them in turn to zero out memory, increment, increment, and double. 
 (getting us four).

Here's a brief sketch of what this might look like:

########################################
def zero(n):
    return 0

def double(n):
    return n * 2

def inc(n):
    return n + 1

cmd_mapping = {
    'zero': zero,
    'double': double,
    'inc': inc
}

## Run the calculator:
memory = 0
for cmd_string in 'inc inc inc double double inc'.split():
    cmd = cmd_mapping[cmd_string]
    memory = cmd(memory)
print memory
########################################


Here, we let a string dictate what's being computed, but in a controlled 
fashion.  The "magic" here is the line:

    cmd = cmd_mapping[cmd_string]

which gets a function, which we can just call later on.  Since cmd_mapping is a 
dictionary whose contents we control, we know that the only command being 
looked up has to be in the cmd_mapping.

Compare vs. an eval-based approach.  Unlike an approach that uses eval(), if 
the command string contains bad values here, nothing too bad will happen: at 
worst, we'll see a reliable dictionary lookup error.  You'll even get a good 
line number in the stack trace!  If we were to use eval, we would not.  In the 
worst case, we might accidentally let an adversary dictate what our computer is 
going to do, against our wishes.


For more discussion why eval() is almost certainly not the tool you want to 
use, see:

    http://code.activestate.com/lists/python-tutor/33338/
_______________________________________________
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor

Reply via email to