Message 381894 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, cryptophoto
Date	2020-11-26.11:44:49
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1606391089.87.0.574456499305.issue42472@roundup.psfhosted.org>
In-reply-to

Content
Would you care to explain why this should not work and how this behavior is in violation of the language specification? It is perfectly valid expression. From a security perspective it may be an undesired feature. However Python does neither claim nor promise that eval is secure, see articel https://lwn.net/Articles/574215/ for more information on a failed attempt to sandbox Python. There is also ast.literal_eval() function, which provides limit evaluation of simple expressions.

Would you care to explain why this should not work and how this behavior is in violation of the language specification?

It is perfectly valid expression. From a security perspective it may be an undesired feature. However Python does neither claim nor promise that eval is secure, see articel https://lwn.net/Articles/574215/ for more information on a failed attempt to sandbox Python. There is also ast.literal_eval() function, which provides limit evaluation of simple expressions.

History
Date	User	Action	Args
2020-11-26 11:44:49	christian.heimes	set	recipients: + christian.heimes, cryptophoto
2020-11-26 11:44:49	christian.heimes	set	messageid: <1606391089.87.0.574456499305.issue42472@roundup.psfhosted.org>
2020-11-26 11:44:49	christian.heimes	link	issue42472 messages
2020-11-26 11:44:49	christian.heimes	create