Simple and safe evaluator
bvdp
bob at mellowood.ca
Fri Jun 20 13:00:46 EDT 2008

Aahz wrote:
> In article <f407c296-9e02-47a6-8f17-b32332fbfcaf at u12g2000prd.googlegroups.com>,
> Simon Forman <sajmikins at gmail.com> wrote:
>> FWIW, I got around to implementing a function that checks if a string
>> is safe to evaluate (that it consists only of numbers, operators, and
>> "(" and ")"). Here it is. :)
>
> What's safe about "10000000 ** 10000000"?

Guess it depends on your definition of safe. I think that in most cases
folks looking for "safe" are concerned about a malicious interjection of
a command like "rm *" ... your example hangs the system for a long time
and eventually will error out when it runs out of memory, but (probably)
doesn't cause data corruption.

It would be nice if in a future version of Python we could have a
safe/limited eval() ... which would limit the resources.
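
A sketch of the resource-limited evaluator discussed in this thread, added here as an example and not code from any of the posters: it walks the parsed expression tree, accepts only numeric literals and arithmetic operators, and rejects oversized powers before computing them. The names `safe_eval` and `UnsafeExpression` and the limits `MAX_EXPR_LEN` and `MAX_BITS` are assumptions of this example.

```python
import ast
import operator

MAX_EXPR_LEN = 200   # assumed limit: characters accepted before parsing
MAX_BITS = 4096      # assumed limit: bit length of any integer result

_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
           ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


class UnsafeExpression(ValueError):
    """Expression is not plain arithmetic, or it exceeds a resource limit."""


def _check(value):
    # Only bounded ints and floats may flow through the evaluator.
    if type(value) not in (int, float):
        raise UnsafeExpression("non-numeric value")
    if type(value) is int and value.bit_length() > MAX_BITS:
        raise UnsafeExpression("integer result too large")
    return value


def _eval(node):
    if isinstance(node, ast.Constant):
        return _check(node.value)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_eval(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left, right = _eval(node.left), _eval(node.right)
        if (isinstance(node.op, ast.Pow) and type(left) is int
                and type(right) is int and right > 0
                and left.bit_length() * right > MAX_BITS):
            # Upper bound on the result size, checked before computing it.
            raise UnsafeExpression("power too large")
        return _check(_BINOPS[type(node.op)](left, right))
    # Names, calls, attributes, subscripts, etc. are all rejected here.
    raise UnsafeExpression("disallowed syntax: " + type(node).__name__)


def safe_eval(expr):
    if len(expr) > MAX_EXPR_LEN:
        raise UnsafeExpression("expression too long")
    try:
        return _eval(ast.parse(expr.strip(), mode="eval").body)
    except UnsafeExpression:
        raise
    except (SyntaxError, ValueError, ArithmeticError, RecursionError) as exc:
        raise UnsafeExpression(str(exc)) from exc
```

The power check is a conservative upper bound, so it also rejects harmless cases such as `1 ** 10000000`; it bounds memory and time per operation but is not a substitute for process-level limits.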