我有一个代码,我希望让用户在stdin中传递三个值,每个值都是float,Fraction或int,所以我不能在输入上应用ast.literal_eval以获得我想要的结果。
我看了Eval really is dangerous,显示
eval的弱点,eval更安全。我应用了作者的建议并编写了此代码,替换了默认eval:
import builtins
class DoubleUnderscoreInEval(ValueError):
pass
def eval(expression, globals={}, locals=None):
if '__' in expression:
raise DoubleUnderscoreInEval('Using __ in eval is not allowed for safety reasons.')
else:
if '__builtins__' not in globals:
globals['__builtins__']={}
return builtins.eval(expression, globals, locals)
通过我的代码使用builtins.eval是否完全安全?
如果不是,我可以让eval完全安全吗? (鼓励绕过我的限制的字符串)
如果有,怎么样?如果不是,我可以使用什么呢?
我是Python的初学者,所以我们鼓励任何评论告诉我如何改进我的代码。
答案 0 :(得分:4)
不,您的eval()实施不安全。其他对象也可以访问__builtins__映射。
见Ned Batchelder的eval is dangerous一些例子。
例如,以下字符串可能导致段错误:
s = """
(lambda fc=(
lambda n: [
c for c in
().__class__.__bases__[0].__subclasses__()
if c.__name__ == n
][0]
):
fc("function")(
fc("code")(
0,0,0,0,"KABOOM",(),(),(),"","",0,""
),{}
)()
)()
"""
我担心,仅仅禁止双重下划线是不够的。一些有进取心的灵魂会找到一种方法,以一种你没有预料到的创造性方式重新组合双下划线,并且你会发现自己被黑客攻击无论如何。
ast.literal_eval()方法使用AST解析和自定义处理parsetree来支持内置类型。您可以通过添加对“安全”的支持来做同样的事情。可调用:
import ast
def literal_eval_with_callables(node_or_string, safe_callables=None):
if safe_callables is None:
safe_callables = {}
if isinstance(node_or_string, str):
node_or_string = ast.parse(node_or_string, mode='eval')
if isinstance(node_or_string, ast.Expression):
node_or_string = node_or_string.body
try:
# Python 3.4 and up
ast.NameConstant
const_test = lambda n: isinstance(n, ast.NameConstant)
const_extract = lambda n: n.value
except AttributeError:
# Everything before
_const_names = {'None': None, 'True': True, 'False': False}
const_test = lambda n: isinstance(n, ast.Name) and n.id in _const_names
const_extract = lambda n: _const_names[n.id]
def _convert(node):
if isinstance(node, (ast.Str, ast.Bytes)):
return node.s
elif isinstance(node, ast.Num):
return node.n
elif isinstance(node, ast.Tuple):
return tuple(map(_convert, node.elts))
elif isinstance(node, ast.List):
return list(map(_convert, node.elts))
elif isinstance(node, ast.Dict):
return dict((_convert(k), _convert(v)) for k, v
in zip(node.keys, node.values))
elif const_test(node):
return const_extract(node)
elif isinstance(node, ast.UnaryOp) and \
isinstance(node.op, (ast.UAdd, ast.USub)) and \
isinstance(node.operand, (ast.Num, ast.UnaryOp, ast.BinOp)):
operand = _convert(node.operand)
if isinstance(node.op, ast.UAdd):
return + operand
else:
return - operand
elif isinstance(node, ast.BinOp) and \
isinstance(node.op, (ast.Add, ast.Sub)) and \
isinstance(node.right, (ast.Num, ast.UnaryOp, ast.BinOp)) and \
isinstance(node.right.n, complex) and \
isinstance(node.left, (ast.Num, ast.UnaryOp, astBinOp)):
left = _convert(node.left)
right = _convert(node.right)
if isinstance(node.op, ast.Add):
return left + right
else:
return left - right
elif isinstance(node, ast.Call) and \
isinstance(node.func, ast.Name) and \
node.func.id in safe_callables:
return safe_callables[node.func.id](
*[_convert(n) for n in node.args],
**{kw.arg: _convert(kw.value) for kw in node.keywords})
raise ValueError('malformed string')
return _convert(node_or_string)
上述函数调整implementation of ast.literal_eval()以添加对特定注册callables的支持。通过命名Fraction的词典:
>>> import fractions
>>> safe_callables = {'Fraction': fractions.Fraction}
>>> literal_eval_with_callables('Fraction(1, denominator=2)', safe_callables)
Fraction(1, 2)
上述方法白名单而非黑名单将处理的内容。允许调用Fraction,并直接控制将要调用的对象,例如。
演示:
>>> samples = '''\
... 2, -9, -35
... 4, -13, 3
... -6, 13, 5
... 5, -6, 6
... -2, 5, -3
... 4, 12, 9
... 0.5, 1, 1
... 1, -0.5, -0.5
... 0.25, Fraction(-1, 3), Fraction(1, 9)'''.splitlines()
>>> safe_callables = {'Fraction': fractions.Fraction}
>>> for line in samples:
... print(literal_eval_with_callables(line, safe_callables))
...
(2, -9, -35)
(4, -13, 3)
(-6, 13, 5)
(5, -6, 6)
(-2, 5, -3)
(4, 12, 9)
(0.5, 1, 1)
(1, -0.5, -0.5)
(0.25, Fraction(-1, 3), Fraction(1, 9))
上述内容至少应该适用于Python 3.3及更高版本,可能更早。 Python 2需要更多的工作来支持unicode字符串而不是中断ast.Bytes。