[issue15452] Eliminate the use of eval() in the logging config implementation
Vinay Sajip
report at bugs.python.org
Thu Jul 26 10:55:43 CEST 2012
Vinay Sajip <vinay_sajip at yahoo.co.uk> added the comment:
It's not actually the PEP 391 implementation - dictConfig() - that uses eval(). Rather, it's the older fileConfig() API which was part of the original logging package when added to Python 2.3. The use of eval() by fileConfig() was documented at that time, IIRC.
I have no problem in principle with updating fileConfig() - which uses eval() in just one private function - to use ast.literal_eval(), but it may break existing, innocuous code which can't be handled by ast.literal_eval().
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15452>
_______________________________________
More information about the Python-bugs-list
mailing list