Message 304374 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ncoghlan
Recipients	David Bieber, benjamin.peterson, brett.cannon, docs@python, ncoghlan, terry.reedy, yselivanov
Date	2017-10-14.05:05:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1507957542.17.0.213398074469.issue31778@psf.upfronthosting.co.za>
In-reply-to

Content
I'm marking this as documentation issue for now, as the operators that literal_eval allows are solely those where constant folding support is needed to correctly handle complex and negative numbers (as noted in the original post): ``` >>> dis.dis("+1") 1 0 LOAD_CONST 1 (1) 2 RETURN_VALUE >>> dis.dis("-1") 1 0 LOAD_CONST 1 (-1) 2 RETURN_VALUE >>> dis.dis("1+1") 1 0 LOAD_CONST 1 (2) 2 RETURN_VALUE >>> dis.dis("1+1j") 1 0 LOAD_CONST 2 ((1+1j)) 2 RETURN_VALUE >>> dis.dis("2017-10-10") 1 0 LOAD_CONST 3 (1997) 2 RETURN_VALUE ``` So the key promise that literal_eval makes is that it will not permit arbitrary code execution, but the docs should make it clearer that it does permit constant folding for addition and subtraction in order to handle the full range of numeric literals. If folks want to ensure that the input string doesn't include a binary operator, then that currently needs to be checked separately with ast.parse: ``` >>> type(ast.parse("2+3").body[0].value) is ast.BinOp True >>> type(ast.parse("2017-10-10").body[0].value) is ast.BinOp True ``` For 3.7+, that check could potentially be encapsulated as an "allow_folding=True" keyword-only parameter (where the default gives the current behaviour, while "allow_folding=False" disables processing of UnaryOp and BinOp), but the docs update is the more immediate need.

I'm marking this as documentation issue for now, as the operators that literal_eval allows are solely those where constant folding support is needed to correctly handle complex and negative numbers (as noted in the original post):

```
>>> dis.dis("+1")
  1           0 LOAD_CONST               1 (1)
              2 RETURN_VALUE
>>> dis.dis("-1")
  1           0 LOAD_CONST               1 (-1)
              2 RETURN_VALUE
>>> dis.dis("1+1")
  1           0 LOAD_CONST               1 (2)
              2 RETURN_VALUE
>>> dis.dis("1+1j")
  1           0 LOAD_CONST               2 ((1+1j))
              2 RETURN_VALUE
>>> dis.dis("2017-10-10")
  1           0 LOAD_CONST               3 (1997)
              2 RETURN_VALUE
```

So the key promise that literal_eval makes is that it will not permit arbitrary code execution, but the docs should make it clearer that it *does* permit constant folding for addition and subtraction in order to handle the full range of numeric literals.

If folks want to ensure that the input string *doesn't* include a binary operator, then that currently needs to be checked separately with ast.parse:

```
>>> type(ast.parse("2+3").body[0].value) is ast.BinOp
True
>>> type(ast.parse("2017-10-10").body[0].value) is ast.BinOp
True
```

For 3.7+, that check could potentially be encapsulated as an "allow_folding=True" keyword-only parameter (where the default gives the current behaviour, while "allow_folding=False" disables processing of UnaryOp and BinOp), but the docs update is the more immediate need.

History
Date	User	Action	Args
2017-10-14 05:05:42	ncoghlan	set	recipients: + ncoghlan, brett.cannon, terry.reedy, benjamin.peterson, docs@python, yselivanov, David Bieber
2017-10-14 05:05:42	ncoghlan	set	messageid: <1507957542.17.0.213398074469.issue31778@psf.upfronthosting.co.za>
2017-10-14 05:05:42	ncoghlan	link	issue31778 messages
2017-10-14 05:05:40	ncoghlan	create