[BangPypers] magic in datetime module?
Anand Balachandran Pillai
abpillai at gmail.com
Fri Apr 3 09:38:47 CEST 2009
On Fri, Apr 3, 2009 at 1:06 PM, Anand Balachandran Pillai <
abpillai at gmail.com> wrote:
>
>
> On Fri, Apr 3, 2009 at 12:53 PM, Anand Chitipothu <anandology at gmail.com>wrote:
>
>> 2009/4/3 Noufal Ibrahim <noufal at gmail.com>:
>> > There was a thread on python-dev recently about sandboxing code by
>> > restricting the variables provided. A lot of people broke it (you can
>> > check the archives for "break this code" or something similar).
>>
>> This one?
>>
>> http://mail.python.org/pipermail/python-dev/2009-February/086401.html
>>
>> > In any case, if you deny people the ability to use __import__, then
>> > any functions that call import will fail. Whether that's a good
>> > practice is questionable but that's the state of affairs.
>>
>> It does restrict people from using imports, but it doesn't restrict
>> calling functions which use import.
>>
>> The problem with the mentioned code is that an implicit import is
>> getting called in the current env. If that import is inside that
>> function then it wouldn't be an issue.
>
>
> Use this work-around.
>
> # Save the name __import__
> __import__ = __builtins__.__import__
> __builtins = {}
>
> import datetime
> now = datetime.datetime.utcnow()
> print now.strftime("%m %Y")
>
> This works. Do this at the top of all modules which is dependent
> on your code which breaks __builtin__.
>
Retracted. I was testing wrong code :) It should be __builtins__,
not __builtins, in which case it fails...!
However you can do the same thing and inject the __import__
name after your modification.
Like,
code = generate_code(template)
__import__ = __builtins__.__import__
custom_builtins.__import__ = __import__
env = {'__builtins__': custom_builtins}
exec(code, env)
?
>
>
>> _______________________________________________
>> BangPypers mailing list
>> BangPypers at python.org
>> http://mail.python.org/mailman/listinfo/bangpypers
>>
>
>
>
> --
> -Anand
>
>
>
>
--
-Anand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/bangpypers/attachments/20090403/02423d06/attachment-0001.htm>
More information about the BangPypers
mailing list