How is correct use of eval()

Chris Rebert clp2 at rebertia.com
Mon Oct 11 14:18:37 EDT 2010


On Mon, Oct 11, 2010 at 11:11 AM, Cata <catalinfest at gmail.com> wrote:
> Hi .
> I read about eval().
> I also read about this "bug" :
> cod = raw_input('Enter:')
> eval(cod)
> if i use  "rm -rf ~"  all files will be deleted .

That's incorrect. eval() does not (directly) run shell commands. It
does evaluate arbitrary Python expressions though, which can delete
files and do other things just as nasty as rm -rf.

> What is correct way to use this function?

To not use it in the first place if at all possible (use int(),
float(), getattr(), etc. instead, depending on what you're doing), or
to only use it with trusted or heavily validated input.

Cheers,
Chris
--
Darned literature commentaries...
http://blog.rebertia.com
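The point Chris makes above, shown as an added example that is not part of the thread (Python 3; the original post used Python 2's raw_input). The payload string, the throwaway temp file it targets and the helper names are constructed for this demonstration: eval() does not run "rm -rf ~", but a Python expression reaching os.remove through __import__ deletes a file just the same, while int()/float() and ast.literal_eval() refuse the same input.

```python
import ast
import os
import tempfile


def make_victim_file():
    """Create an empty temp file to stand in for the user's data (constructed)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    return path


def eval_untrusted(text):
    """The pattern from the original post: eval() straight on user input. UNSAFE."""
    return eval(text)


def demo_eval_deletes_file():
    """Return True if eval() of a crafted *expression* removed the file.

    The input is not a shell command; it is valid Python that imports os
    and calls os.remove, which is exactly what eval() will execute.
    """
    path = make_victim_file()
    payload = "__import__('os').remove(%r)" % path  # constructed attacker input
    eval_untrusted(payload)
    return not os.path.exists(path)


def parse_number(text):
    """Safe replacement for eval() when the program expects a number."""
    text = text.strip()
    try:
        return int(text)
    except ValueError:
        return float(text)  # ValueError on anything that is not a number


def parse_literal(text):
    """Safe replacement when a Python literal (list, dict, str, ...) is expected.

    ast.literal_eval only builds literals; it never calls functions or
    looks up names, so __import__ and attribute access are rejected.
    """
    return ast.literal_eval(text)


def rejects(parser, text):
    """True if the parser refuses the input instead of executing it."""
    try:
        parser(text)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print("eval() deleted the file:", demo_eval_deletes_file())
    print("parse_number('42') ->", parse_number("42"))
    print("parse_literal(\"{'a': [1, 2]}\") ->", parse_literal("{'a': [1, 2]}"))
    hostile = "__import__('os').remove('x')"
    print("int/float rejects payload:", rejects(parse_number, hostile))
    print("literal_eval rejects payload:", rejects(parse_literal, hostile))
```

The temp file is created and removed inside the demo, so running the script touches nothing else on disk; the same payload aimed at a real path would delete it just as silently.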


