Is this a safe use of eval?

Frank Millman frank at chagford.com
Thu Feb 24 03:48:39 EST 2011


Hi all

I know that the use of 'eval' is discouraged because of the dangers of 
executing untrusted code.

Here is a variation that seems safe to me, but I could be missing something.

I have a class, and the class has one or more methods which accept various 
arguments and return a result.

I want to accept a method name and arguments in string form, and 'eval' it 
to get the result.

Assume I have an instance called my_inst, and a method called 'calc_area', 
with arguments w and h.

I then receive my_string = 'calc_area(100, 200)'.

>>> result = eval('my_inst.{0}'.format(my_string))

This will only work if the string contains a valid method name with valid 
arguments.

Can anyone see anything wrong with this?

Thanks

Frank Millman
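An added example from the editor, not code from Frank's post: the eval call above hands the whole string to the interpreter, so nothing but the sender's goodwill keeps it to method calls on my_inst. The version below parses the string with the ast module, accepts literal arguments only, and looks the method up through an allow-list, so submitted text is never executed. The Shape class, ALLOWED_METHODS and the helper names are assumptions standing in for the poster's own class.

```python
import ast


class Shape:
    """Constructed stand-in for the poster's my_inst (assumption)."""

    def calc_area(self, w, h):
        return w * h


# Methods that string input may invoke; anything else is rejected.
ALLOWED_METHODS = {"calc_area"}


def parse_call(text):
    """Parse 'name(arg, ...)' into (name, args, kwargs) without executing it.

    Only a bare name may be called, and every argument must be a Python
    literal (ast.literal_eval rejects names, attribute access, operators
    and nested calls with ValueError).
    """
    call = ast.parse(text, mode="eval").body
    if not isinstance(call, ast.Call) or not isinstance(call.func, ast.Name):
        raise ValueError("expected a plain method call")
    args = [ast.literal_eval(a) for a in call.args]  # Starred args fail here
    kwargs = {}
    for kw in call.keywords:
        if kw.arg is None:  # '**mapping' unpacking is not a literal argument
            raise ValueError("keyword unpacking not allowed")
        kwargs[kw.arg] = ast.literal_eval(kw.value)
    return call.func.id, args, kwargs


def safe_dispatch(inst, text):
    """Call an allow-listed method of inst with the literal arguments in text."""
    name, args, kwargs = parse_call(text)
    if name not in ALLOWED_METHODS:
        raise ValueError("method not allowed: " + name)
    return getattr(inst, name)(*args, **kwargs)


def is_rejected(inst, text):
    """True when safe_dispatch refuses the string instead of running it."""
    try:
        safe_dispatch(inst, text)
    except (ValueError, SyntaxError):
        return True
    return False
```

With the original string the result is the same as Frank's eval, but `calc_area(w.h, 1)`, `other_method(1)` or a dotted target are refused before any attribute is looked up.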