Hi,

I know that this issue has been discussed before, but most of
the time using only one argument to eval().

Is it possible to use the following code, e.g. run as part of a
web application, to break in and if so, how?

import math

def myeval(untrustedinput):
    return eval(untrustedinput, {"__builtins__": None},
                {"abs": abs, "sin": math.sin})

Is it possible to define functions or import modules from the
untrusted input string?

Which Python built-ins and math functions would I have to add to
the functions dictionary to make it unsafe?

TIA! (Please cc me, thanks.)

Discussion Overview
group: python-list @
categories: python
posted: Feb 21, '10 at 9:25p
active: Feb 28, '10 at 10:52p
posts: 10
users: 6
website: python.org
