Deactivating Python keywords and built-in functions


André Roberge

In short:
Is there a simple way to deactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André
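
The scan step proposed above can be done on the parsed syntax tree with an allowlist, with the accepted subset interpreted by the host program itself so the script never reaches eval() or exec(). This is an added example in Python 3, not code from any poster in the thread; the arithmetic-only subset, the names evaluate and Rejected, and the 200-character limit are assumptions chosen for illustration.

```python
import ast
import operator

# Allowlist: anything not named here is rejected, instead of trying to
# enumerate every "forbidden" construct. ** and shifts are left out
# because a short expression could request an enormous computation.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv,
           ast.Mod: operator.mod}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_SOURCE_LEN = 200   # assumed limit for this example


class Rejected(Exception):
    """Raised when the script uses anything outside the subset."""


def evaluate(source, variables):
    """Evaluate an arithmetic expression without eval() or exec()."""
    if len(source) > MAX_SOURCE_LEN:
        raise Rejected("script too long")
    try:
        tree = ast.parse(source, mode="eval")   # parses only, runs nothing
    except (SyntaxError, ValueError) as exc:
        raise Rejected("not an expression: %s" % exc)
    return _walk(tree.body, variables)


def _walk(node, variables):
    if isinstance(node, ast.Constant):
        # bool is a subclass of int, so compare the exact type
        if type(node.value) in (int, float):
            return node.value
        raise Rejected("only numeric literals are allowed")
    if isinstance(node, ast.Name):
        if node.id in variables:
            return variables[node.id]
        raise Rejected("unknown name %r" % node.id)
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        left = _walk(node.left, variables)
        right = _walk(node.right, variables)
        try:
            return BIN_OPS[type(node.op)](left, right)
        except ZeroDivisionError:
            raise Rejected("division by zero")
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand, variables))
    # Calls, attribute access, subscripts, lambdas and so on all land here.
    raise Rejected("%s is not allowed" % type(node).__name__)
```

A name such as `evaluation` is accepted when the host supplies it as a variable, which a text scan for the substring "eval" would have refused.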
 

Benjamin Niemann

André Roberge said:
In short:
Is there a simple way to deactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

In short:
there is no simple way :(

Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent hackers
will always find a way around your restrictions.
 

Peter L Hansen

Benjamin said:
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent
hackers will always find a way around your restrictions.

Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter
 

Larry Bates

Peter said:
Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter

Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
    pass

Seems like those new to Python do this all the time with
list, dict, etc.

-Larry
 

Jeremy Bowers

In short:
Is there a simple way to deactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

Others have commented that many others have tried this and not succeeded.

Maybe another tack: Is there a specific reason that you don't want people
using "eval"? Some specific object you don't want used, some specific
capability invoked? Maybe the root problem can be addressed in another way.

If it is just to prevent them from confusing themselves, I'd suggest the
"don't document it" solution :)
 

Peter L Hansen

Larry said:
Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
    pass

Seems like those new to Python do this all the time with
list, dict, etc.

It's really quite pointless (or redundant, anyway) to discuss
this until you've searched the list archives for the many
past discussions about this. Suffice to say that the answer
to your suggestion is that there are other ways to find
the real "eval" again.

-Peter
 

dataangel

André Roberge said:
In short:
Is there a simple way to deactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André

This doesn't exactly qualify as simple, but depending on how modular the
source is, it might be possible to simply comment them out and recompile.

There ought to be some way of doing this, I'd love to see a Python
interface to Robocode :D
 

Sridhar R

Don't read code as input.

Instead read `data` from user. If control of that data must be also
read as input, then read `action` key from user, from which get the
method using dictionary.

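# Python 2 syntax, as posted
def foo_do(a, b):
    print a, b

# the only functions a user can reach, keyed by action name
actions = {
    'do_this': foo_do,
    # ....
}

data = raw_input()
a, b = data.split(',')
control = raw_input()
# dictionary lookup; nothing the user typed is executed as code
actions[control](a, b)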
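
The dispatch-table idea above, extended to a whole script with unknown actions, wrong argument counts and non-numeric arguments rejected. This is an added example in Python 3, not Sridhar's code; the move and turn commands, the "action arg,arg" line format and the state dictionary are assumptions chosen for illustration.

```python
class CommandError(Exception):
    """Raised for any input that is not a known, well-formed command."""


def move(state, dx, dy):
    state["x"] += dx
    state["y"] += dy


def turn(state, degrees):
    state["heading"] = (state["heading"] + degrees) % 360


# The only operations a script can reach: name -> (handler, argument types).
ACTIONS = {
    "move": (move, (int, int)),
    "turn": (turn, (int,)),
}


def run_line(state, line):
    """Run one 'action arg,arg' line against state, or raise CommandError."""
    name, _, rest = line.strip().partition(" ")
    if name not in ACTIONS:            # plain dict lookup, no getattr or eval
        raise CommandError("unknown action %r" % name)
    handler, types = ACTIONS[name]
    raw = [part.strip() for part in rest.split(",")] if rest.strip() else []
    if len(raw) != len(types):
        raise CommandError("%s takes %d argument(s)" % (name, len(types)))
    try:
        args = [convert(text) for convert, text in zip(types, raw)]
    except ValueError:
        raise CommandError("bad argument for %s: %r" % (name, rest))
    handler(state, *args)


def run_script(text):
    """Run a whole script, stopping with an error at the first bad line."""
    state = {"x": 0, "y": 0, "heading": 0}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                   # blank lines and comments
        try:
            run_line(state, line)
        except CommandError as exc:
            raise CommandError("line %d: %s" % (number, exc))
    return state
```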
 
