Safe eval, or how to get list from string

[bwooster47]

I've to use ConfigParser.

It returns values that are exactly in the config file, so get string
variables like:
int1 with quotes and characers: "42"
this is easy to convert to int:
realint = int(int1)

I've read the tutorial, and the FAQ, and not sure if I missed it, but
other than calling eval (which everyone says is unsafe), I don't know
if there is another way to do this:
string1 has "this is a string" or however complex a string (""" aaa
""").
I can do
realstring = eval(string1)
or
if there is list1 = "[ 'filea', 'fileb', ]", I can get at list by
doing:
reallist = eval(list1)

is there an easier/simpler method of doing the same thing as realstring
and reallist lines above?

 

[Jason Mobarak]

if there is list1 = "[ 'filea', 'fileb', ]", I can get at list by
doing:
reallist = eval(list1)
is there an easier/simpler method of doing the same thing as realstring
and reallist lines above?
http://twistedmatrix.com/users/moshez/unrepr.py

Example:

from unrepr import unrepr
unrepr("[ 'filea', 'fileb', ]")

['filea', 'fileb']

 

[Michael Spencer]

I've to use ConfigParser.

It returns values that are exactly in the config file, so get string
variables like:
int1 with quotes and characers: "42"
this is easy to convert to int:
realint = int(int1)

I've read the tutorial, and the FAQ, and not sure if I missed it, but
other than calling eval (which everyone says is unsafe), I don't know
if there is another way to do this:
string1 has "this is a string" or however complex a string (""" aaa
""").
I can do
realstring = eval(string1)
or
if there is list1 = "[ 'filea', 'fileb', ]", I can get at list by
doing:
reallist = eval(list1)

is there an easier/simpler method of doing the same thing as realstring
and reallist lines above?

See: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469

Michael

 

[bwooster47]

http://twistedmatrix.com/users/moshez/unrepr.py

http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469

Thanks, this helps - but I was looking at using no additional modules,
or using something that came bundled in with python 2.3

I just discovered mx.Tools.NewBuiltins

It has something called "reval" looks that would fit my needs
perfectly.

Details:
http://www.faqts.com/knowledge_base/view.phtml/aid/4550/fid/538

 

[Joseph Garvin]

Thanks, this helps - but I was looking at using no additional modules,
or using something that came bundled in with python 2.3

I just discovered mx.Tools.NewBuiltins

It has something called "reval" looks that would fit my needs
perfectly.

Details:
http://www.faqts.com/knowledge_base/view.phtml/aid/4550/fid/538

If I remember correctly reval and it's brothers were deemed insecure,
are no longer developed, and are present only for sake of backwards
compatibility. See the global module index entry on it.

 

[Steven Bethard]

If I remember correctly reval and it's brothers were deemed insecure,
are no longer developed, and are present only for sake of backwards
compatibility. See the global module index entry on it.

I believe some of the old security holes have been patched. See my
recent post at:

http://mail.python.org/pipermail/python-list/2005-May/281032.html

My understanding though is that it's still not considered appropriate
for production use.

STeVe

 

[Edvard Majakari]

I've to use ConfigParser.

It returns values that are exactly in the config file, so get string
variables like:
int1 with quotes and characers: "42"
this is easy to convert to int:
realint = int(int1)

There's already a method getint() for that, you can just say

cfgparser.getint('section', 'int1')

if there is list1 = "[ 'filea', 'fileb', ]", I can get at list by
doing:
reallist = eval(list1)

Are you sure you need to use ConfigParser for that? If you need to have
persistent Python data structures, I'd suggest marshalling data and using
(c)Pickle or similar.

--
# Edvard Majakari Software Engineer
# PGP PUBLIC KEY available Soli Deo Gloria!

"Debugging is twice as hard as writing the code in the firstplace. Therefore,
if you write the code as cleverly as possible, you are, by definition,
not smart enough to debug it." -- Brian W. Kernighan