Author xiang.zhang
Recipients Carl Ekerot, christian.heimes, loewis, serhiy.storchaka, xiang.zhang
Date 2016-11-05.19:21:44
Message-id <1478373704.93.0.465961593963.issue28563@psf.upfronthosting.co.za>
In-reply-to
Content
Christian, I think our patches are quite similar in function. They only allow limited tokens. 

> I consider it a superior solution and a fix for more generic attacks

Mine now still allows **. But it can be easily fixed.

But both our patches still translate a C expression to Python and still suffer from nested ternary operators and the different semantics between C and Python (e.g. 2==2==2, as Serhiy notes). :-( I plan to try a simple parser.
History
Date | User | Action | Args
2016-11-05 19:21:44 | xiang.zhang | set | recipients: + xiang.zhang, loewis, christian.heimes, serhiy.storchaka, Carl Ekerot
2016-11-05 19:21:44 | xiang.zhang | set | messageid: <1478373704.93.0.465961593963.issue28563@psf.upfronthosting.co.za>
2016-11-05 19:21:44 | xiang.zhang | link | issue28563 messages
2016-11-05 19:21:44 | xiang.zhang | create |
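
The message above contrasts translating a C plural expression into Python source with parsing it directly. The following is an added example, not code from the message, its author or CPython, showing a parser that accepts only a fixed token set and evaluates with C comparison and ternary rules, so that 2==2==2 yields 0. The names compile_plural, TOKEN, LEVELS and both are hypothetical, the operator set is assumed to be the usual gettext plural operators, and intermediate values are assumed non-negative (/ and % use Python flooring, and unsigned wraparound is not modelled).

```python
import operator as op
import re

# Integers, n, C operators; \S makes any other character a token no rule accepts.
TOKEN = re.compile(r"[0-9]+|n|\|\||&&|[=!<>]=|[-+*/%<>!?:()]|\S")

def both(f):  # eager operator: evaluate both operands, then apply f
    return lambda l, r, n: f(l(n), r(n))

LEVELS = [  # binary operators, lowest precedence first, all left-associative
    {"||": lambda l, r, n: bool(l(n) or r(n))},  # lazy, so it short-circuits
    {"&&": lambda l, r, n: bool(l(n) and r(n))},
    {"==": both(op.eq), "!=": both(op.ne)},
    {"<": both(op.lt), ">": both(op.gt), "<=": both(op.le), ">=": both(op.ge)},
    {"+": both(op.add), "-": both(op.sub)},
    {"*": both(op.mul), "/": both(op.floordiv), "%": both(op.mod)},
]

def compile_plural(expr):
    """Return f(n) for a C plural expression; raise ValueError on bad input."""
    toks = [""] + TOKEN.findall(expr)[::-1]  # reversed stack; "" marks the end
    def take(want=None):
        if want not in (None, toks[-1]):
            raise ValueError("unexpected %r" % toks[-1])
        return toks.pop()
    def ternary():  # cond ? a : b is right-associative; only one branch runs
        cond = binary(0)
        if toks[-1] != "?":
            return cond
        _, yes, _, no = take("?"), ternary(), take(":"), ternary()
        return lambda n: yes(n) if cond(n) else no(n)
    def binary(level):
        if level == len(LEVELS):
            return unary()
        left = binary(level + 1)
        while toks[-1] in LEVELS[level]:
            f, l, r = LEVELS[level][take()], left, binary(level + 1)
            # int() turns a comparison or logical result into 0 or 1, as in C
            left = lambda n, f=f, l=l, r=r: int(f(l, r, n))
        return left
    def unary():
        tok = take()
        if tok == "!":
            return lambda n, f=unary(): int(not f(n))
        if tok == "(":
            return (ternary(), take(")"))[0]  # parse the group, then require ")"
        if tok != "n" and not (tok.isascii() and tok.isdigit()):
            raise ValueError("unexpected %r" % tok)
        return (lambda n: n) if tok == "n" else (lambda n, v=int(tok): v)
    return (ternary(), take(""))[0]  # "" on top means all input was consumed
```

compile_plural("2==2==2")(0) returns 0, while the same text evaluated as Python is True; input such as "n ** 2" raises ValueError at parse time. Nesting depth is not bounded here, so very deeply nested input fails with RecursionError rather than ValueError.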