[issue11549] Build-out an AST optimizer, moving some functionality out of the peephole optimizer

STINNER Victor report at bugs.python.org
Tue Jan 31 09:35:03 EST 2017


STINNER Victor added the comment:

> Currently there is no bug in ast.literal_eval() because the '**' operator is not accepted.

The doc says "This can be used for safely evaluating strings containing Python values from untrusted sources without the need to parse the values oneself. It is not capable of evaluating arbitrarily complex expressions, for example involving operators or indexing."
https://docs.python.org/dev/library/ast.html#ast.literal_eval

I don't think that it's a bug, but a deliberate design choice. a**b is an obvious trick to DoS a server (high CPU and memory usage).

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11549>
_______________________________________
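
The behaviour discussed in this message, as an added example that is not part of the original comment or of CPython's own code: `ast.literal_eval()` rejects `**` expressions without computing them, while still accepting plain literals. The function names, the sample inputs and the `MAX_INPUT_CHARS` limit are assumptions made for this illustration.

```python
import ast

MAX_INPUT_CHARS = 1024  # assumed size limit for this example, not from the docs


def find_operators(text):
    """Return sorted operator node names in the expression, without evaluating it."""
    tree = ast.parse(text, mode="eval")
    return sorted({type(node.op).__name__ for node in ast.walk(tree)
                   if isinstance(node, (ast.BinOp, ast.UnaryOp))})


def load_untrusted(text):
    """Parse a literal from untrusted input; return (ok, value_or_reason)."""
    if len(text) > MAX_INPUT_CHARS:
        return False, "input too long"
    try:
        # literal_eval walks the AST and only builds literal values;
        # a Pow node is refused before any arithmetic is performed.
        return True, ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError,
            MemoryError, RecursionError) as exc:
        return False, type(exc).__name__


# Constructed sample inputs.
SAMPLES = [
    "{'port': 8080, 'hosts': ['a', 'b']}",  # plain literal: accepted
    "-1",                                   # unary minus on a number: accepted
    "2**8",                                 # power operator: rejected
    "9**9**9",                              # would be huge if evaluated: rejected
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), find_operators(sample), load_untrusted(sample))
```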

