RE: Question about ast.literal_eval

 
 
Carlos Nepomuceno
 
      05-20-2013
----------------------------------------
> To: (E-Mail Removed)
> From: (E-Mail Removed)
> Subject: Re: Question about ast.literal_eval
> Date: Mon, 20 May 2013 09:50:02 +0200
>
> [Corrected top-posting]
>
>>> To: (E-Mail Removed)
>>> From: (E-Mail Removed)
>>> Subject: Question about ast.literal_eval
>>> Date: Mon, 20 May 2013 09:05:48 +0200
>>>
>>> Hi all
>>>
>>> I am trying to emulate a SQL check constraint in Python. Quoting from
>>> the PostgreSQL docs, "A check constraint is the most generic constraint
>>> type. It allows you to specify that the value in a certain column must
>>> satisfy a Boolean (truth-value) expression."
>>>
>>> The problem is that I want to store the constraint as a string, and I
>>> was hoping to use ast.literal_eval to evaluate it, but it does not work.
>>>

>
> On 20/05/2013 09:34, Carlos Nepomuceno wrote:
>
>> It seems to me you can't use ast.literal_eval()[1] to evaluate that kind of expression
>> because it's just for literals[2].
>>
>> Why don't you use eval()?
>>

>
> Because users can create their own columns, with their own constraints.
> Therefore the string is user-modifiable, so it cannot be trusted.


I understand your motivation but I don't know what protection ast.literal_eval() is offering that eval() doesn't.

> Frank
>
>
> --
> http://mail.python.org/mailman/listinfo/python-list
 
 
 
 
 
Steven D'Aprano
 
      05-20-2013
On Mon, 20 May 2013 10:55:35 +0300, Carlos Nepomuceno wrote:

> I understand your motivation but I don't know what protection
> ast.literal_eval() is offering that eval() doesn't.


eval will evaluate any legal Python expression:


py> eval("__import__('os').system('echo Mwahaha! Now you are pwned!') or 42")
Mwahaha! Now you are pwned!
42


ast.literal_eval() does exactly what the name says: it will evaluate any
legal Python LITERAL, including ints, floats, lists, dicts and strings,
but not arbitrary expressions.


py> import ast
py> ast.literal_eval('123')
123
py> ast.literal_eval('[123, None, "spam"]')
[123, None, 'spam']



--
Steven
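
The thread's use case (a user-supplied check constraint stored as a string) needs comparisons and column names, which ast.literal_eval() rejects and eval() accepts far too liberally. The following is an added example, not code from either poster: it parses the string with ast and walks a whitelist of node types, falling back to ast.literal_eval() for literals. The names check_constraint, MAX_LEN and the operator whitelist are assumptions made for illustration.

```python
import ast
import operator

MAX_LEN = 200  # assumed cap; deeply nested input can exhaust the parser

# Assumed whitelist of comparison operators for constraints.
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}

def _ev(node, row):
    if isinstance(node, ast.BoolOp):  # and / or, short-circuiting
        results = (_ev(v, row) for v in node.values)
        return all(results) if isinstance(node.op, ast.And) else any(results)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _ev(node.operand, row)
    if isinstance(node, ast.Compare):  # supports chains such as 0 < qty <= 100
        left = _ev(node.left, row)
        for op, comp in zip(node.ops, node.comparators):
            if type(op) not in _CMP:
                raise ValueError("operator not allowed: " + type(op).__name__)
            right = _ev(comp, row)
            if not _CMP[type(op)](left, right):
                return False
            left = right
        return True
    if isinstance(node, ast.Name):  # a bare name is only ever a column lookup
        if node.id not in row:
            raise ValueError("unknown column: " + node.id)
        return row[node.id]
    try:
        # Everything else must be a pure literal; literal_eval rejects
        # calls, attribute access, subscripts and lambdas.
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        raise ValueError("not allowed: " + type(node).__name__) from None

def check_constraint(expr, row):
    """Return True if the row (dict of column -> value) satisfies expr."""
    if len(expr) > MAX_LEN:
        raise ValueError("constraint too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError:
        raise ValueError("constraint is not a valid expression") from None
    return bool(_ev(tree.body, row))
```

Names resolve only through the row dict, so builtins such as __import__ are never reachable, and any node type outside the whitelist raises ValueError before anything is evaluated.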