List comprehension - NameError: name '_[1]' is not defined ?
mario ruggier
mario.ruggier at gmail.com
Fri Jan 16 12:45:34 EST 2009
On Jan 16, 1:35 pm, ajaksu <aja... at gmail.com> wrote:
> On Jan 16, 5:09 am, mario ruggier <mario.rugg... at gmail.com> wrote:
>
> > Laboriously doing all these
> > checks on each expr eval will be very performance heavy, so I hope to
> > be able to limit access to all these more efficiently. Suggestions?
>
> None regarding the general issue, a try:except to handle this one:
>
> '(x for x in ()).throw("bork")'
What is the potential security risk with this one?
To handle this and situations like the ones pointed out above on this
thread, I will probably affect the following change to the
evoque.evaluator.RestrictedEvaluator class, and that is to replace the
'if name.find("__")!=-1:' with an re.search... where the re is defined
as:
restricted = re.compile(r"|\.".join([
"__", "func_", "f_", "im_", "tb_", "gi_", "throw"]))
and the test becomes simply:
if restricted.search(name):
All the above attempts will be blocked this way. Any other disallow-
sub-strings to add to the list above?
And thanks a lot Daniel, need to find a way to get somebeer over to
ya... ;-)
mario
More information about the Python-list
mailing list