[pypy-commit] pypy default: don't use eval on user input
cfbolz
pypy.commits at gmail.com
Tue Jul 5 02:31:38 EDT 2016
Author: Carl Friedrich Bolz <cfbolz at gmx.de>
Branch:
Changeset: r85552:7f5d1ceedd1d
Date: 2016-07-05 08:29 +0200
http://bitbucket.org/pypy/pypy/changeset/7f5d1ceedd1d/
Log: don't use eval on user input
diff --git a/dotviewer/graphparse.py b/dotviewer/graphparse.py
--- a/dotviewer/graphparse.py
+++ b/dotviewer/graphparse.py
@@ -85,10 +85,11 @@
pass
def splitline(line, re_word = re.compile(r'[^\s"]\S*|["]["]|["].*?[^\\]["]')):
+ import ast
result = []
for word in re_word.findall(line):
if word.startswith('"'):
- word = eval(word)
+ word = ast.literal_eval(word)
result.append(word)
return result
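Review bot: `import ast` is placed inside `splitline`, so the import statement runs on every call; `re` is already resolved at module scope (the default argument calls `re.compile`), so `ast` belongs with the module-level imports too. On the `word = ast.literal_eval(word)` line, a quoted token that the regex accepts but that is not a valid Python literal (for example one containing a malformed escape) raises `ValueError` or `SyntaxError`, and nothing in this function handles it; consider catching both and reporting the offending line, and add a test that feeds `splitline` a malformed quoted word.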