Sanitizing untrusted code for eval()
Diez B. Roggisch
deets at nospam.web.de
Mon Aug 22 18:35:43 EDT 2005
> Another thing you can do is use the compile message and then only allow
> certain bytecodes. Of course this approach means you need to implement
> this in a major version-dependent fashion, but it saves you the work of
> mapping source code to python. Eventually there will be another form
> available (the AST form), but that will show up no earlier than 2.5.
> As a matter of pure practicality, it turns out you can probably use
> almost the same code to look at 2.3 and 2.4 byte codes.
I don't know much about python byte code, but from the JASON-HP - which
features the grammar for JASON on the first page - I'm under the strong
impression that abusing the python parser by whatever means, including
the byte-code ahck you propse, is way more complicated than writing a
small parser - I don't know pyparsing, but I know spark, and it would be
a matter of 30 lines of code. And 100% no loopholes...
Additionally, having a parser allows you to spit out meaningful errors -
whilst mapping byte code back to input lines is certainly not easy, if
feasible at all.
Regards,
Diez
More information about the Python-list
mailing list