editing conf file

Discussion in 'Python' started by chip9munk, Nov 16, 2012.

  1. chip9munk

    chip9munk Guest

    Hi all!

    I would like to use conf file to get all the variables in my code. And
    it works great. I use the following (simple example):

    execfile("example.conf", config)
    print config["value1"]

    and it works like a charm.

    Now the problem is I do not know how to edit the conf file...
    let us say that I calculate something and would like to save it in the
    conf file so that it is set for the next run of some program.

    How do I edit a specific value in the conf file? (I would like to avoid
    editing txt if possible)...

    I should also mention that I use Python 3.. so some of the solutions I
    came across are not compatible...

    Thanks!!
     
    chip9munk, Nov 16, 2012
    #1
    1. Advertising

  2. chip9munk

    chip9munk Guest

    chip9munk, Nov 16, 2012
    #2
    1. Advertising

  3. chip9munk

    rusi Guest

    rusi, Nov 16, 2012
    #3
  4. chip9munk

    chip9munk Guest

    On 11/16/2012 1:35 PM, rusi wrote:
    > And there may be better options (allows nested sections)
    > http://www.voidspace.org.uk/python/configobj.html
    >


    but it does not seem to work with python 3

    I have an issue...
    configparser has four functions: get, getboolean, getfloat and getint.

    how do I get list from cfg file?!

    any ideas?
     
    chip9munk, Nov 16, 2012
    #4
  5. Am 16.11.2012 13:06, schrieb chip9munk:
    > I would like to use conf file to get all the variables in my code. And
    > it works great. I use the following (simple example):
    >
    > execfile("example.conf", config)
    > print config["value1"]
    >
    > and it works like a charm.


    This works, but in general importing configuration data by loading and
    executing code is a questionable approach. The problem is in particular
    that the code parser is always more strict with the syntax than a
    configuration file should be. Also, it presents the danger of code
    injection, especially when exec'ing or importing untrusted code.

    That said, if you really want full programmability inside that
    configuration and are aware of the implications, you can do that. In
    that case, I would rather call this a Python module though and instead
    "from settings.py import *" to import any setting from this module (this
    is similar to exec(), but less hack-ish). I use something similar to
    import settings for automated tests, but still wouldn't recommend it for
    general use.

    If you don't want that, use a configuration file parser instead. Python
    comes with one, see the section "13.2 Configuration file parser" at
    http://docs.python.org/2/library/, which can both read and write simple
    configuration files.


    > I should also mention that I use Python 3.. so some of the solutions I
    > came across are not compatible...


    No you don't, Above code clearly uses a print statement instead of a
    print function. :p Anyhow, concerning the link above, replace the 2 with
    a 3 and skip to section 14.2.

    Uli
     
    Ulrich Eckhardt, Nov 16, 2012
    #5
  6. chip9munk

    Thomas Bach Guest

    On Fri, Nov 16, 2012 at 01:48:49PM +0100, chip9munk wrote:
    > configparser has four functions: get, getboolean, getfloat and getint.
    >
    > how do I get list from cfg file?!


    AFAIK you have to parse the list yourself. Something like

    my_list = [ s.strip() for s in cp.get('section', 'option').split(',') ]

    if you use a comma as a separator.

    Have a look at YAML if this is not enough for you, as I think lists
    are supported there. Haven't had a look myself though, yet.

    Regards,
    Thomas Bach.
     
    Thomas Bach, Nov 16, 2012
    #6
  7. chip9munk

    chip9munk Guest

    On 11/16/2012 2:02 PM, Ulrich Eckhardt wrote:
    > Am 16.11.2012 13:06, schrieb chip9munk:
    >> I would like to use conf file to get all the variables in my code. And
    >> it works great. I use the following (simple example):
    >>
    >> execfile("example.conf", config)
    >> print config["value1"]
    >>
    >> and it works like a charm.

    >
    > This works, but in general importing configuration data by loading and
    > executing code is a questionable approach. The problem is in particular
    > that the code parser is always more strict with the syntax than a
    > configuration file should be. Also, it presents the danger of code
    > injection, especially when exec'ing or importing untrusted code.


    huh... ok, the thing is that there will actually be no code in the
    config file, just some variables and values.. it will be more like a
    "setting file"... so no execution of the config file is necessary, just
    getting and setting variables...


    > That said, if you really want full programmability inside that
    > configuration and are aware of the implications, you can do that. In
    > that case, I would rather call this a Python module though and instead
    > "from settings.py import *" to import any setting from this module (this
    > is similar to exec(), but less hack-ish). I use something similar to
    > import settings for automated tests, but still wouldn't recommend it for
    > general use.


    thank you for the tip!

    > If you don't want that, use a configuration file parser instead. Python
    > comes with one, see the section "13.2 Configuration file parser" at
    > http://docs.python.org/2/library/, which can both read and write simple
    > configuration files.


    yes I will use it

    >> I should also mention that I use Python 3.. so some of the solutions I
    >> came across are not compatible...

    >
    > No you don't, Above code clearly uses a print statement instead of a
    > print function. :p


    Yes i do :) i just did not c/p code from my script but from some webpage
    :)) i have print (config["value1"])

    > Anyhow, concerning the link above, replace the 2 with
    > a 3 and skip to section 14.2.


    thank you i am using configparser... the only problem as i mention in
    another post is that it reads lists as string... so some additional
    parsing is necessary..

    thanks!
     
    chip9munk, Nov 16, 2012
    #7
  8. chip9munk

    chip9munk Guest

    On 11/16/2012 2:04 PM, Thomas Bach wrote:
    > On Fri, Nov 16, 2012 at 01:48:49PM +0100, chip9munk wrote:
    >> configparser has four functions: get, getboolean, getfloat and getint.
    >>
    >> how do I get list from cfg file?!

    >
    > AFAIK you have to parse the list yourself. Something like
    >
    > my_list = [ s.strip() for s in cp.get('section', 'option').split(',') ]
    >
    > if you use a comma as a separator.


    yes i guess this is needed, thanks!

    > Have a look at YAML if this is not enough for you, as I think lists
    > are supported there. Haven't had a look myself though, yet.
    >


    I will check it out!

    Thank you!
     
    chip9munk, Nov 16, 2012
    #8
  9. chip9munk

    Tim Chase Guest

    On 11/16/12 07:04, Thomas Bach wrote:
    > On Fri, Nov 16, 2012 at 01:48:49PM +0100, chip9munk wrote:
    >> configparser has four functions: get, getboolean, getfloat and getint.
    >>
    >> how do I get list from cfg file?!

    >
    > AFAIK you have to parse the list yourself. Something like
    >
    > my_list = [ s.strip() for s in cp.get('section', 'option').split(',') ]
    >
    > if you use a comma as a separator.


    For slightly more complex option text, you can use the CSV module to
    do the heavy lifting, so if you have something like

    [section]
    option="one, one, one",two,3

    then you can have Python give you

    my_list = next(csv.reader([cp.get("section", "option")]))

    or alternatively use the shlex module and separate them like shell
    options:

    [section]
    option="one, one, one" two 3

    then do

    my_list = list(shlex.shlex(cp.get("section", "option")))

    Or yet one more way using Python list syntax for literals:

    [section]
    option=["one, one, one", "two", 3]

    and get them with

    my_list = ast.literal_eval(cp.get("section", "option))

    Lots of fun (and batteries-included) ways depending on how you want
    to represent the list in the config file and what sorts of data it
    can contain.

    -tkc
     
    Tim Chase, Nov 16, 2012
    #9
  10. chip9munk

    Roy Smith Guest

    Ulrich Eckhardt <> wrote:
    > in general importing configuration data by loading and
    > executing code is a questionable approach. The problem is in particular
    > that the code parser is always more strict with the syntax than a
    > configuration file should be. Also, it presents the danger of code
    > injection, especially when exec'ing or importing untrusted code.


    chip9munk <"chip9munk[SSSpAm"@gmail.com> wrote:
    > huh... ok, the thing is that there will actually be no code in the
    > config file, just some variables and values.. it will be more like a
    > "setting file"... so no execution of the config file is necessary, just
    > getting and setting variables...


    I've been using django for the past couple of years, and I have to say
    I'm really addicted to their style of executable config files. The
    ability to put conditional logic in your settings.py file is extremely
    powerful. Even simple stuff like:

    DEBUG = songza.config['build_type'] != 'production'

    adds value.

    But, yes, Ulrich is 100% correct that it can lead to code injection
    attacks if you allow reading configs from untrusted sources. Like all
    powerful tools, it needs to be used with care.

    These days, if I was writing something that needed a config file and I
    didn't want to do "import settings" for whatever reason, I would go with
    YAML. It seems to give an attractive mix of:

    * supporting complex data structures
    * easy to for humans to hand-edit
    * easy for humans to read
    * safe from code injection attacks
     
    Roy Smith, Nov 16, 2012
    #10
  11. chip9munk

    rusi Guest

    On Nov 16, 7:08 pm, Roy Smith <> wrote:
    > These days, if I was writing something that needed a config file and I
    > didn't want to do "import settings" for whatever reason, I would go with
    > YAML.  It seems to give an attractive mix of:
    >
    > * supporting complex data structures
    > * easy to for humans to hand-edit
    > * easy for humans to read
    > * safe from code injection attacks


    +1 except for a caveat on the last:
    Use safe_load and safe_dump.
    dump and load are vulnerable to code injection attacks
     
    rusi, Nov 16, 2012
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve

    Apache conf file parser

    Steve, Nov 17, 2004, in forum: Python
    Replies:
    0
    Views:
    387
    Steve
    Nov 17, 2004
  2. Hugh
    Replies:
    4
    Views:
    460
    CBFalconer
    Jun 3, 2005
  3. Replies:
    0
    Views:
    622
  4. MegaC
    Replies:
    3
    Views:
    542
    Brian Helterline
    May 24, 2004
  5. Tomasz Chmielewski

    editing smb.conf (INI files)

    Tomasz Chmielewski, Jun 30, 2008, in forum: Perl Misc
    Replies:
    1
    Views:
    227
    Tomasz Chmielewski
    Jun 30, 2008
Loading...

Share This Page