How to convert a list of strings into a list of variables
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Thu Aug 18 21:42:24 EDT 2011
More information about the Python-list mailing list
Thu Aug 18 21:42:24 EDT 2011
- Previous message (by thread): How to convert a list of strings into a list of variables
- Next message (by thread): How to convert a list of strings into a list of variables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Angelico wrote: > On Thu, Aug 18, 2011 at 5:09 PM, John Gordon <gordon at panix.com> wrote: >> for x in list_of_strings: >> list_of_variables.append(eval(x)) >> > > If this really is what you need, you can simplify it by using the > globals() dictionary - it's a regular dictionary whose contents are > all the global variables in your current module. Inside a function, > use locals() instead. You can use locals outside of a function too, because it just returns globals(). Lookup of names in locals/globals is much safer than eval, particularly if there is any risk that the list of names comes from an untrusted or potentially hostile source. list_of_strings = ['red', 'blue', '__import__("os").system("echo I just p0wned your system")', 'green', 'yellow'] (The simplest way out of a billion to cause grief.) Code injection attacks are the first and second most common form of security vulnerability, ahead of even buffer overflows. Please don't add to the list. http://cwe.mitre.org/top25/?2011 (Oh, and if you think that protecting against code injection attacks while still using eval or exec is simple, please step away from the keyboard.) -- Steven
- Previous message (by thread): How to convert a list of strings into a list of variables
- Next message (by thread): How to convert a list of strings into a list of variables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list