473,240 Members | 1,639 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,240 software developers and data experts.

Desactivating Python keywords and built-in functions

In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André
Jul 18 '05 #1
8 1244
Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

In short:
there is no simple way :(

Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent hackers
will always find a way around your restrictions.
Jul 18 '05 #2
Benjamin Niemann wrote:
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent
hackers will always find a way around your restrictions.


Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter
Jul 18 '05 #3
Peter L Hansen wrote:
Benjamin Niemann wrote:
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent
hackers will always find a way around your restrictions.

Maybe not *always*, but certainly nobody has yet shown themselves
willing and able to go all the way with an implementation which
is sufficiently secure that they could prove you wrong. ;-)

-Peter


Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
pass

Seems like those new to Python do this all the time with
list, dict, etc.

-Larry
Jul 18 '05 #4
Andr? Roberge wrote:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]


Try rexec:

http://docs.python.org/lib/module-rexec.html

not fully safe but I might be enough.

Istvan.
Jul 18 '05 #5
On Fri, 08 Oct 2004 07:45:12 -0700, Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:


Others have commented that many others have tried this and not succeeded.

Maybe another tack: Is there a specific reason that you don't want people
using "eval"? Some specific object you don't want used, some specific
capability invoked? Maybe the root problem can be addressed in another way.

If it is just to prevent them from confusing themselves, I'd suggest the
"don't document it" solution :-)
Jul 18 '05 #6
Larry Bates wrote:
Couldn't you rebind the functions that you want to deactivate
to another function that didn't do what you don't want done?

def eval(s, g=None, l=None):
pass

Seems like those new to Python do this all the time with
list, dict, etc.


It's really quite pointless (or redundant, anyway) to discuss
this until you've searched the list archives for the many
past discussions about this. Suffice to sasy that the answer
to your suggestion is that there are other ways to find
the real "eval" again.

-Peter
Jul 18 '05 #7
Andr? Roberge wrote:
In short:
Is there a simple way to desactivate Python keywords and built-in
keywords [e.g. eval()]

Longer description:
I want to use a subset of Python as an embedded language and don't
want the users to have access to the rest of the language. One
approach I thought of using would be something along the following
lines:

read in the script for the user;
scan for "forbidden" keywords or expression;
if found, give an error message and stop;
otherwise, let Python interpret the code.

Before I jump and start coding, I thought I would ask people that know
more about these things than me
(which means probably 97.2% of the readership of comp.lang.python ;-)

André

This doesn't exactly qualify as simple, but depending on how modular the
source is, it might be possible to simply comment them out and recompile.

There ought to be some way of doing this, I'd love to see a Python
interface to Robocode :D
Jul 18 '05 #8
Don't read code as input.

Instead read `data` from user. If control of that data must be also
read as input, then read `action` key from user, from which get the
method using dictionary.

def foo_do(a,b):
print a,b

actions = {
'do_this': foo_do
....
}

data = raw_input()
a,b = data.split(',')
control = raw_input()
actions[control](a,b)

Jul 18 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Anthony Baxter | last post by:
I'm trying to build a binary of fastaudio (the wrapper for the PortAudio library, from http://www.freenet.org.nz/python/pyPortAudio/) for Python 2.3. There's a lot of FAQs and the like out there...
1
by: mfjacobs | last post by:
Hello, I was hoping someone here can help me with a problem I am having with the PyXML extension ( ver 0.8.4) and Python 2.4 Thsi is a brand new build of Python. Build with default .configre...
3
by: Leonard J. Reder | last post by:
Hello list, I have been searching on the web for a while now for a specific Python implementation of an FSM. More specifically what I am looking for is a Python implementation of the so called...
0
by: Leonard J. Reder | last post by:
Hello, Although posted this a few weeks ago I still have gotten much feedback so I want to put this out again and see if the response gets a bit more interesting. I have been searching on the...
5
by: Digital.Rebel.18 | last post by:
I'm trying to figure out how to extract the keywords from an HTML document. The input string would typically look like: <meta name='keywords' content='word1, more stuff, etc'> Either single...
29
by: Mike Meyer | last post by:
After spending time I should have been sleeping working on it, the try python site is much more functional. It now allows statements, including multi-line statements and expressions. You can't...
48
by: meyer | last post by:
Hi everyone, which compiler will Python 2.5 on Windows (Intel) be built with? I notice that Python 2.4 apparently has been built with the VS2003 toolkit compiler, and I read a post from Scott...
206
by: WaterWalk | last post by:
I've just read an article "Building Robust System" by Gerald Jay Sussman. The article is here: http://swiss.csail.mit.edu/classes/symbolic/spring07/readings/robust-systems.pdf In it there is a...
6
by: vedrandekovic | last post by:
Hello AGAIN, I on working on windows and Python 2.4. Where can I find and CHANGE python grammar. ( I just want to change the keywords ) PLEASE HELP ME SOMEBODY!!!!!! ...
32
by: Steve Holden | last post by:
I wondered if a straw poll could get some idea of readers' thoughts about when they will be migrating to 3.0 on, so I used the new widget on Blogger to add a poll for that. I'd appreciate if if...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.