python - Is None really a built-in? -

-

i trying use python's (2.7) eval in (relatively) safe manner. hence, defined:

def safer_eval(string):     """safer version of eval() globals , builtins inaccessible"""     return eval(string, {'__builtins__': {}})

as expected, following not work more:

print safer_eval("true") nameerror: name 'true' not defined

however, can still eval "none" string:

print safer_eval("none") none

  • so, none not built-in? @ least both part of __builtin__ ...

  • why still eval-able?

  • how rid of it, if had to?

none constant in python, see keywords documentation:

changed in version 2.4: none became constant , recognized compiler name built-in object none. although not keyword, cannot assign different object it.

the compiler inserts reference singleton none object whenever name it:

>>> dis import dis >>> dis(compile('none', '', 'eval'))   1           0 load_const               0 (none)               3 return_value

true , false built-ins in python 2, means can masked.

in python 3, none, true , false now keywords, , 3 materialised merely naming them:

>>> eval('true', {'__builtins__': {}}) true

see guido van rossum's blog post on why changed.

note there nothing safe eval, __builtins__ neutered, can still referenced via other means:

>>> s = ''' ... [ ...     c c in ().__class__.__base__.__subclasses__() ...     if c.__name__ == 'catch_warnings' ... ][0]()._module.__builtins__ ... ''' >>> eval(s, {'__builtins__': {}}) {'bytearray': <type 'bytearray'>, 'indexerror': <type 'exceptions.indexerror'>, 'all': <built-in function all>, 'help': type help() interactive help, or help(object) object., 'vars': <built-in function vars>, 'syntaxerror': <type 'exceptions.syntaxerror'>, 'unicode': <type 'unicode'>, 'unicodedecodeerror': <type 'exceptions.unicodedecodeerror'>, 'memoryview': <type 'memoryview'>, 'isinstance': <built-in function isinstance>, 'copyright': copyright (c) 2001-2015 python software foundation. rights reserved.  copyright (c) 2000 beopen.com. rights reserved.  copyright (c) 1995-2001 corporation national research initiatives. rights reserved.  copyright (c) 1991-1995 stichting mathematisch centrum, amsterdam. rights reserved., 'nameerror': <type 'exceptions.nameerror'>, 'byteswarning': <type 'exceptions.byteswarning'>, 'dict': <type 'dict'>, 'input': <built-in function input>, 'oct': <built-in function oct>, 'bin': <built-in function bin>, 'systemexit': <type 'exceptions.systemexit'>, 'standarderror': <type 'exceptions.standarderror'>, 'format': <built-in function format>, 'repr': <built-in function repr>, 'sorted': <built-in function sorted>, 'false': false, 'runtimewarning': <type 'exceptions.runtimewarning'>, 'list': <type 'list'>, 'iter': <built-in function iter>, 'reload': <built-in function reload>, 'warning': <type 'exceptions.warning'>, '__package__': none, 'round': <built-in function round>, 'dir': <built-in function dir>, 'cmp': <built-in function cmp>, 'set': <type 'set'>, 'bytes': <type 'str'>, 'reduce': <built-in function reduce>, 'intern': <built-in function intern>, 'issubclass': <built-in function issubclass>, 'ellipsis': ellipsis, 'eoferror': <type 'exceptions.eoferror'>, 'locals': <built-in function locals>, 'buffererror': <type 'exceptions.buffererror'>, 'slice': <type 'slice'>, 'floatingpointerror': <type 'exceptions.floatingpointerror'>, 'sum': <built-in function sum>, 'getattr': <built-in function getattr>, 'abs': <built-in function abs>, 'exit': use exit() or ctrl-d (i.e. eof) exit, 'print': <built-in function print>, 'true': true, 'futurewarning': <type 'exceptions.futurewarning'>, 'importwarning': <type 'exceptions.importwarning'>, 'none': none, 'hash': <built-in function hash>, 'referenceerror': <type 'exceptions.referenceerror'>, 'len': <built-in function len>, 'credits':     cwi, cnri, beopen.com, zope corporation , cast of thousands     supporting python development.  see www.python.org more information., 'frozenset': <type 'frozenset'>, '__name__': '__builtin__', 'ord': <built-in function ord>, 'super': <type 'super'>, '_': none, 'typeerror': <type 'exceptions.typeerror'>, 'license': see http://www.python.org/2.7/license.html, 'keyboardinterrupt': <type 'exceptions.keyboardinterrupt'>, 'userwarning': <type 'exceptions.userwarning'>, 'filter': <built-in function filter>, 'range': <built-in function range>, 'staticmethod': <type 'staticmethod'>, 'systemerror': <type 'exceptions.systemerror'>, 'baseexception': <type 'exceptions.baseexception'>, 'pow': <built-in function pow>, 'runtimeerror': <type 'exceptions.runtimeerror'>, 'float': <type 'float'>, 'memoryerror': <type 'exceptions.memoryerror'>, 'stopiteration': <type 'exceptions.stopiteration'>, 'globals': <built-in function globals>, 'divmod': <built-in function divmod>, 'enumerate': <type 'enumerate'>, 'apply': <built-in function apply>, 'lookuperror': <type 'exceptions.lookuperror'>, 'open': <built-in function open>, 'quit': use quit() or ctrl-d (i.e. eof) exit, 'basestring': <type 'basestring'>, 'unicodeerror': <type 'exceptions.unicodeerror'>, 'zip': <built-in function zip>, 'hex': <built-in function hex>, 'long': <type 'long'>, 'next': <built-in function next>, 'importerror': <type 'exceptions.importerror'>, 'chr': <built-in function chr>, 'xrange': <type 'xrange'>, 'type': <type 'type'>, '__doc__': "built-in functions, exceptions, , other objects.\n\nnoteworthy: none `nil' object; ellipsis represents `...' in slices.", 'exception': <type 'exceptions.exception'>, 'tuple': <type 'tuple'>, 'unicodetranslateerror': <type 'exceptions.unicodetranslateerror'>, 'reversed': <type 'reversed'>, 'unicodeencodeerror': <type 'exceptions.unicodeencodeerror'>, 'ioerror': <type 'exceptions.ioerror'>, 'hasattr': <built-in function hasattr>, 'delattr': <built-in function delattr>, 'setattr': <built-in function setattr>, 'raw_input': <built-in function raw_input>, 'syntaxwarning': <type 'exceptions.syntaxwarning'>, 'compile': <built-in function compile>, 'arithmeticerror': <type 'exceptions.arithmeticerror'>, 'str': <type 'str'>, 'property': <type 'property'>, 'generatorexit': <type 'exceptions.generatorexit'>, 'int': <type 'int'>, '__import__': <built-in function __import__>, 'keyerror': <type 'exceptions.keyerror'>, 'coerce': <built-in function coerce>, 'pendingdeprecationwarning': <type 'exceptions.pendingdeprecationwarning'>, 'file': <type 'file'>, 'environmenterror': <type 'exceptions.environmenterror'>, 'unichr': <built-in function unichr>, 'id': <built-in function id>, 'oserror': <type 'exceptions.oserror'>, 'deprecationwarning': <type 'exceptions.deprecationwarning'>, 'min': <built-in function min>, 'unicodewarning': <type 'exceptions.unicodewarning'>, 'execfile': <built-in function execfile>, 'any': <built-in function any>, 'complex': <type 'complex'>, 'bool': <type 'bool'>, 'valueerror': <type 'exceptions.valueerror'>, 'notimplemented': notimplemented, 'map': <built-in function map>, 'buffer': <type 'buffer'>, 'max': <built-in function max>, 'object': <type 'object'>, 'taberror': <type 'exceptions.taberror'>, 'callable': <built-in function callable>, 'zerodivisionerror': <type 'exceptions.zerodivisionerror'>, 'eval': <built-in function eval>, '__debug__': true, 'indentationerror': <type 'exceptions.indentationerror'>, 'assertionerror': <type 'exceptions.assertionerror'>, 'classmethod': <type 'classmethod'>, 'unboundlocalerror': <type 'exceptions.unboundlocalerror'>, 'notimplementederror': <type 'exceptions.notimplementederror'>, 'attributeerror': <type 'exceptions.attributeerror'>, 'overflowerror': <type 'exceptions.overflowerror'>}

or can blow interpreter creating broken code object. see eval dangerous.

if want load python literal syntax (lists, tuples, dictionaries, strings, numbers, etc.) want use ast.literal_eval() function, designed safe.


Comments

Post a Comment

Popular posts from this blog

javascript - Slick Slider width recalculation -

-
i'm trying add slide in panel on slick container css. carousel works except new width not being calculated when space has been added. recalibrate once advance next slide i'd happen each time panel opened or closed. i've tried adding both margin , padding, neither makes difference. ideas? https://jsfiddle.net/mhigley/dpf7mlpl/ html: <button type="button" id="button"><i class="fa fa-arrow-right"></i></button> <aside> <h2>slide in panel</h2> <ol> <li>list item</li> <li>list item</li> <li>list item</li> <li>list item</li> <li>list item</li> </ol> </aside> <main role="main"> <div class="sections"> <section> <article> <h2>first slide</h2> <p>lorem ipsum d...
Read more

jsf - PrimeFaces Datatable - What is f:facet actually doing? -

-
looking through primefaces code in app noticed following line: <f:facet name="header">#{trainsearch.traincount} trains</f:facet> it looks overriding header, makes sense, can explain me in little more detail? what happening line of code? complete code listed below: <p:datatable id = "results" value = "#{trainsearch.trains}" var = "train" rendered="#{not empty trainsearch.trains}" styleclass = "train-search-table horizontal-border"> <f:facet name="header">#{trainsearch.traincount} trains</f:facet> <p:column headertext = "train id"> <p:panelgrid columns="1" styleclass = "train-id-grid" layout = "grid"> <h:outputtext styleclass = "train-id-label" value="#{train.traini}"/> <h:outputtex...
Read more

angular2 services - Angular 2 RC 4 Http post not firing -

-
i trying fire post request app , it's not working, tried multiple ways. don't see request being fired under network tab in chrome. not sure problem is, appreciated. import { injectable } '@angular/core'; import { http, headers } '@angular/http'; @injectable() export class userservice{ private _url="users"; constructor(private _http: http){ } checkifusernameexists(username){ return this._http.get(this._url+"/"+username) .map(response => response.json()) } createuser(user){ let headers = new headers(); headers.append('content-type', 'application/json') console.log(json.stringify(user)); return this._http.post(this._url, json.stringify(user),{headers: headers}) .map(response => response.json()) } } first need capture error , solve error: this._http.post(this._url, json.stringify(user),{headers: headers}) .subscribe( ...
Read more