[Python-Dev] Improved evaluator added to ast module
Vinay Sajip
vinay_sajip at yahoo.co.uk
Thu Oct 11 18:06:06 CEST 2012
In response to http://bugs.python.org/issue15452, I've created an improved
evaluator in the ast module in my sandbox repo. The evaluator supports lookup of
names in a supplied namespace. The basic interface is
def lookup_eval(source_string_or_ast_node, namespace, allow_imports=False):
# perform limited evaluation of Python expressions
Function calls are not allowed in expressions, but the following are:
* Names (looked up in namespace, and imported if not found there and
allow_imports is True)
* Literals, just as literal_eval() does
* Array indexing and slicing
* Attribute access
* Arithmetic operators
* Bitwise operators
* Comparison operators
* in / not in
* and / or
* Unary operators
The patch is attached to the issue, and includes changes to replace the use
of eval() by logging.config.fileConfig() to use ast.lookup_eval().
I would welcome review of the patch, particularly as there may be security
implications (the issue is titled "Improve the security model for logging
listener").
Barring objections, I plan to commit it in a week or so.
Regards,
Vinay Sajip
More information about the Python-Dev
mailing list