Convert obejct string repr to actual object
Carsten Haese
carsten at uniqsys.com
Mon Oct 8 15:40:49 EDT 2007
On Mon, 2007-10-08 at 21:19 +0200, Tor Erik Sønvisen wrote:
> Hi,
>
> I've tried locating some code that can recreate an object from it's
> string representation...
> The object in question is really a dictionary containing other
> dictionaries, lists, unicode strings, floats, ints, None, and
> booleans.
>
> I don't want to use eval, since I can't trust the source sending the
> object.
You could still use eval, but run a separate algorithm first to make
sure the string is "legal." For example, you could whip up a simple
PyParsing grammar to restrict the set of allowable strings, or compile
the string into byte code and inspect the byte code to look for red
flags like LOAD_NAME (with a name other than None) and CALL_FUNCTION.
HTH,
--
Carsten Haese
http://informixdb.sourceforge.net
More information about the Python-list
mailing list