"Kent Johnson" <[EMAIL PROTECTED]> wrote
This works just as well:
s = '__import__("os").system("rm -rf /")'
I don' think it would since the eval would call tuple
which would return a tuple of characters which would
not unpack into x,y so throwing an error.
Care to try it? It does raise an e
On Wed, Nov 26, 2008 at 2:46 PM, Alan Gauld <[EMAIL PROTECTED]> wrote:
>
> "Kent Johnson" <[EMAIL PROTECTED]> wrote
>
> e = "tuple(" + s + ")"
>
> x,y = eval(e)# x -> 2.5, y -> 2.8
>>
>> This works just as well:
>> s = '__import__("os").system("rm -rf /")'
>>
>
> I don' think it
"Kent Johnson" <[EMAIL PROTECTED]> wrote
e = "tuple(" + s + ")"
x,y = eval(e)# x -> 2.5, y -> 2.8
This works just as well:
s = '__import__("os").system("rm -rf /")'
I don' think it would since the eval would call tuple
which would return a tuple of characters which would
not unpack
On Wed, Nov 26, 2008 at 4:16 AM, Alan Gauld <[EMAIL PROTECTED]> wrote:
> "John Fouhy" <[EMAIL PROTECTED]> wrote
>
>>> e = "tuple(" + e + ")"
>>>
>>> x,y = eval(e)# x -> 2.5, y -> 2.8
>>>
>> If I, as an evildoer, can control e, it seems that I could set it to:
>>
>> ,), __import__('os').sys
"John Fouhy" <[EMAIL PROTECTED]> wrote
e = "tuple(" + e + ")"
x,y = eval(e)# x -> 2.5, y -> 2.8
If I, as an evildoer, can control e, it seems that I could set it
to:
,), __import__('os').system('rm -rf /'
I've never thought of myself as all that devious :-)
Sorry John, too fast
"John Fouhy" <[EMAIL PROTECTED]> wrote
s = "[2.5,2.8]" # your string from the file
e = "tuple(" + e + ")"
This should of course be
e = "tuple(" + s + ")"
If I, as an evildoer, can control e, it seems that I could set it
to:
,), __import__('os').system('rm -rf /'
Assuming you
On 26/11/2008, Alan Gauld <[EMAIL PROTECTED]> wrote:
> You could use eval to evaluate the string but that would be dangerous since
> the striong could be a malicious piece of code. But you can make it a lot
> safer by wrapping it in a function with known effect, thus:
>
> s = "[2.5,2.8]" # your
On Tue, Nov 25, 2008 at 3:14 PM, Lie Ryan <[EMAIL PROTECTED]> wrote:
> Instead, in python 2.6, you may use ast.literal_eval(). Which restrict
> the eval to literal syntax only, and prohibit any function calling.
That's very cool, thanks!
> Alternatively, for previous versions of python, or for m
"Bryan Fodness" <[EMAIL PROTECTED]> wrote
I have a list in a text file that is in the python format.,
Positions = [2.5,2.8]
When you say "in the Python format" do you mean it
is real Python codfe or just that it happens to look
like Python?
If the latter what format is it really? If
On Tue, 25 Nov 2008 06:59:13 -0800, Mark Tolonen wrote:
> "Bryan Fodness" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> I have a list in a text file that is in the python format.,
>>
>> Positions = [2.5,2.8]
>>
>> and would like to grab the values.
>>
>> for line in file
Bryan Fodness wrote:
I have a list in a text file that is in the python format.,
Positions = [2.5,2.8]
Why do you use Python format for storing data?
(Python format is for storing programs, usually)
and would like to grab the values.
for line in file('list.txt'):
if line ==
"Bryan Fodness" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I have a list in a text file that is in the python format.,
Positions = [2.5,2.8]
and would like to grab the values.
for line in file('list.txt'):
if line == Positions:
x1,x2=Positions
I kn
I have a list in a text file that is in the python format.,
Positions = [2.5,2.8]
and would like to grab the values.
for line in file('list.txt'):
if line == Positions:
x1,x2=Positions
I know this does not work. Is there a direct way to get my x1 and x2
values.
Tha
13 matches
Mail list logo
