Question about using python as a scripting language

Carl Banks pavlovevidence at gmail.com
Wed Aug 9 11:15:33 EDT 2006


Delaney, Timothy (Tim) wrote:
> Steve Lianoglou wrote:
>
> > One thing you could do is use the eval or compile methods. These
> > functions let you run arbitrary code passed into them as a string.
> >
> > So, for instance, you can write:
> > my_list = eval('[1,2,3,4]')
>
> This is just asking for trouble.
>
> my_list = eval('import shutil; shutil.rmtree("/")')

Fortunately, that won't work because eval expects an expression.
Unfortunately, this will:

my_list = eval('__import__("shutil").rmtree("/")')


Carl Banks
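
Added example, not part of the original thread: the three strings from the messages above, checked against eval's expression-only compile step and against ast.literal_eval, which accepts only literals. The helper names eval_would_accept, parse_literal and report are hypothetical; the strings are only compiled or parsed, never executed.

```python
import ast


def eval_would_accept(source):
    """True if eval() would compile, and therefore execute, this string.

    compile(..., "eval") applies the same expression-only grammar eval()
    uses, without running the result.
    """
    try:
        compile(source, "<untrusted>", "eval")
        return True
    except SyntaxError:
        return False


def parse_literal(source):
    """Parse a Python literal from untrusted text; raise ValueError otherwise."""
    try:
        return ast.literal_eval(source)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a plain literal: %r" % source) from exc


# The three strings discussed in the thread (constructed here as test input).
SAMPLES = [
    '[1,2,3,4]',
    'import shutil; shutil.rmtree("/")',   # statement: eval refuses to compile it
    '__import__("shutil").rmtree("/")',    # expression: eval would run it
]


def report(samples=SAMPLES):
    """Return (source, eval_accepts, literal_value_or_'REJECTED') per sample."""
    rows = []
    for src in samples:
        try:
            literal = parse_literal(src)
        except ValueError:
            literal = "REJECTED"
        rows.append((src, eval_would_accept(src), literal))
    return rows


if __name__ == "__main__":
    for src, accepted, literal in report():
        print("%-36s eval accepts: %-5s literal_eval: %r" % (src, accepted, literal))
```

Only the list literal gets through parse_literal; the __import__ expression passes eval's compile step but is rejected as a non-literal.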



