easy eval() fix?

John Roth newsgroups at jhrothjr.com
Wed Oct 15 19:00:39 EDT 2003


"Geoff Gerrietts" <geoff at gerrietts.net> wrote in message
news:mailman.122.1066249021.2192.python-list at python.org...
> On one of the projects I've worked with, early development featured a
> pattern where primitive data would be repr()'ed into a string, then
> eval()'ed back out of the string. Later in the project's evolution,
> this was seen to have some previously unconsidered security
> implications.
>
> The hard way to fix this is to go back and change all the places where
> data were repr()'ed into a string, and use some simpler system. But at
> its easiest, that's a great deal of work.
>
> I'm hoping that there's some module or project out there that I
> haven't seen that will translate simple primitives into Python objects
> without doing variable interpolation or expression evaluation, etc.
>
> I know it's a pretty steep order, but I also know it's something I've
> seen before, in the form of the plist libraries under Objective C.
>
> Anyone got a quick fix?

I don't know of a module that does this, but I'm not altogether
certain it wouldn't be possible to put something together that
would suit what you need in around the same time it took to
write the message.

What are the primitive types you need to convert from repr()
string format back to their object format?

John Roth
>
> Thanks,
> --G.
>
> -- 
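
As an added illustration (not code from either poster), one way to do what the question asks on Python 3.8+: parse the repr() string with the standard `ast` module and rebuild only literal nodes, so names, calls and operators are refused instead of evaluated. `safe_unrepr`, `_convert` and the sample data are names made up here; the standard library's `ast.literal_eval` applies the same idea.

```python
import ast

# Scalar types a literal may carry; anything else in the tree is refused.
_SCALARS = (str, bytes, int, float, complex, bool, type(None))
_SEQUENCES = {ast.List: list, ast.Tuple: tuple, ast.Set: set}


def _convert(node):
    """Turn one AST node into a value; refuse anything that is not a literal."""
    if isinstance(node, ast.Constant) and type(node.value) in _SCALARS:
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.UAdd)):
        number = _convert(node.operand)            # repr(-2) parses as USub(2)
        if type(number) not in (int, float):
            raise ValueError("sign applied to a non-number")
        return -number if isinstance(node.op, ast.USub) else number
    if type(node) in _SEQUENCES:
        return _SEQUENCES[type(node)](_convert(item) for item in node.elts)
    if isinstance(node, ast.Dict):
        return {_convert(k): _convert(v) for k, v in zip(node.keys, node.values)}
    # Names, calls, attribute access, operators, comprehensions, f-strings ...
    raise ValueError("disallowed syntax: " + type(node).__name__)


def safe_unrepr(text, max_len=10000):
    """Rebuild a primitive from its repr() string without running any code."""
    if len(text) > max_len:                        # bound parser work on untrusted input
        raise ValueError("input too long")
    try:
        return _convert(ast.parse(text.strip(), mode="eval").body)
    except (SyntaxError, TypeError, RecursionError, MemoryError) as exc:
        raise ValueError("not a plain literal: %s" % exc) from None


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    record = {"user": "geoff", "ids": [1, -2, 3.5], "flags": (True, None), "raw": b"\x00"}
    assert safe_unrepr(repr(record)) == record
    for text in ("len('abc')", "2 ** 8", "[n for n in ()]", "some_name"):
        try:
            safe_unrepr(text)
        except ValueError as exc:
            print("rejected %r: %s" % (text, exc))
```

Because every call site already produces repr() output, swapping `eval(s)` for a function like this leaves the stored strings unchanged; values whose repr() is not a plain literal (for example `set()` or `inf`) are rejected and need separate handling.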





