469,271 Members | 997 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,271 developers. It's quick & easy.

Desactivating Python keywords and built-in functions

In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André
Jul 18 '05 #1
8 1165
Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

In short:
there is no simple way :(

Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent hackers
will always find a way around your restrictions.
Jul 18 '05 #2
Benjamin Niemann wrote:
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent
hackers will always find a way around your restrictions.


Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter
Jul 18 '05 #3
Peter L Hansen wrote:
Benjamin Niemann wrote:
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent
hackers will always find a way around your restrictions.

Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter


Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
pass

Seems like those new to Python do this all the time with
list, dict, etc.

-Larry
Jul 18 '05 #4
Andr? Roberge wrote:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]


Try rexec:

http://docs.python.org/lib/module-rexec.html

not fully safe but I might be enough.

Istvan.
Jul 18 '05 #5
On Fri, 08 Oct 2004 07:45:12 -0700, Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:


Others have commented that many others have tried this and not succeeded.

Maybe another tack: Is there a specific reason that you don't want people
using "eval"? Some specific object you don't want used, some specific
capability invoked? Maybe the root problem can be addressed in another way.

If it is just to prevent them from confusing themselves, I'd suggest the
"don't document it" solution :-)
Jul 18 '05 #6
Larry Bates wrote:
Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
pass

Seems like those new to Python do this all the time with
list, dict, etc.


It's really quite pointless (or redundant, anyway) to discuss
this until you've searched the list archives for the many
past discussions about this. Suffice to sasy that the answer
to your suggestion is that there are other ways to find
the real "eval" again.

-Peter
Jul 18 '05 #7
Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André

This doesn't exactly qualify as simple, but depending on how modular the
source is, it might be possible to simply comment them out and recompile.

There ought to be some way of doing this, I'd love to see a Python
interface to Robocode :D
Jul 18 '05 #8
Don't read code as input.

Instead read `data` from user. If control of that data must be also
read as input, then read `action` key from user, from which get the
method using dictionary.

def foo_do(a,b):
print a,b

actions = {
'do_this': foo_do
....
}

data = raw_input()
a,b = data.split(',')
control = raw_input()
actions[control](a,b)

Jul 18 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Anthony Baxter | last post: by
1 post views Thread by mfjacobs | last post: by
3 posts views Thread by Leonard J. Reder | last post: by
reply views Thread by Leonard J. Reder | last post: by
5 posts views Thread by Digital.Rebel.18 | last post: by
29 posts views Thread by Mike Meyer | last post: by
6 posts views Thread by vedrandekovic | last post: by
32 posts views Thread by Steve Holden | last post: by
reply views Thread by zhoujie | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.