[issue15452] Improve the security model for logging listener()
Vinay Sajip
report at bugs.python.org
Tue Oct 2 17:07:47 CEST 2012
Vinay Sajip added the comment:
I've updated logging as discussed in this issue, except for the removal of the two calls to eval() in logging.config. I propose to resolve that as follows:
1. Add the Evaluator implemented in the Gist I linked to to ast.py.
2. Expose a function 'ast.lookup_eval(source, context, allow_import)' which basically just does a
       return Evaluator(context, allow_import).evaluate(source, '<lookup_eval>')
3. Add docs and tests to ast.rst and test_ast.py.
4. Update logging.config to call ast.lookup_eval() instead of eval().
Please comment if you see any problems with this, otherwise I will go
ahead and implement this change within the next week or so.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15452>
_______________________________________
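The kind of restricted evaluation proposed above, as an added example that is not part of the original message and is not the Evaluator from the Gist: a function that resolves only literals, containers, names from a supplied context and public dotted attributes, and rejects calls and every other construct. The name lookup_eval is borrowed from the proposal, but this sketch is hypothetical, omits allow_import, and uses a constructed CONTEXT in place of the namespace logging.config passes to eval().

```python
import ast
import logging
import logging.handlers
import sys

class UnsafeExpression(ValueError):
    """The source used a construct outside the allow-list."""

# Constructed context: the only names a config string may refer to.
CONTEXT = {"sys": sys, "handlers": logging.handlers,
           "StreamHandler": logging.StreamHandler}

def lookup_eval(source, context):
    """Evaluate literals, tuples/lists/dicts, names and dotted lookups only."""
    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Tuple):
            return tuple(ev(e) for e in node.elts)
        if isinstance(node, ast.List):
            return [ev(e) for e in node.elts]
        if isinstance(node, ast.Dict):
            # A '**mapping' entry has key None and falls through to the reject.
            return {ev(k): ev(v) for k, v in zip(node.keys, node.values)}
        if isinstance(node, ast.Name):
            if node.id not in context:
                raise UnsafeExpression("unknown name: %s" % node.id)
            return context[node.id]
        if isinstance(node, ast.Attribute):
            # Block underscore attributes such as __dict__ or __class__.
            if node.attr.startswith("_"):
                raise UnsafeExpression("private attribute: %s" % node.attr)
            return getattr(ev(node.value), node.attr)
        # Call, BinOp, Lambda, Subscript, comprehensions, Starred, ...
        raise UnsafeExpression("disallowed syntax: %s" % type(node).__name__)
    return ev(ast.parse(source, "<lookup_eval>", mode="eval"))

def is_rejected(source, context=CONTEXT):
    """True if lookup_eval refuses the expression."""
    try:
        lookup_eval(source, context)
    except UnsafeExpression:
        return True
    return False

if __name__ == "__main__":
    print(lookup_eval("(sys.stdout,)", CONTEXT))         # handler args tuple
    print(lookup_eval("handlers.RotatingFileHandler", CONTEXT))
    print(is_rejected("__import__('os')"))               # Call node: refused
```

getattr() can still run property or __getattr__ code on the objects placed in the context, so the context itself has to be limited to objects that are safe to traverse.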