[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [pygame] Python bots in Galcon (or your game!) safe_eval
- To: pygame-users@xxxxxxxx
- Subject: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
- From: Phil Hassey <philhassey@xxxxxxxxx>
- Date: Fri, 9 Mar 2007 16:00:03 -0800 (PST)
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Fri, 09 Mar 2007 19:00:19 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=s9z1tNVYJJQ8sI129+CHOvqlIwC6KhoOKfEKdPKxeXOO+KTQG20RpBov0wA2756jb6IEoSLjeSH5svje0oVI12yIaf7Q5YTOoFU1UCAYgCmR5VAZQFsMfg2Eyd+uCI6DmAaq9v8uZ6CNKVEi9U0XZVDvdfWHmrrNbQzSWezthc8=;
- In-reply-to: <45F1F06A.firstname.lastname@example.org>
- Reply-to: pygame-users@xxxxxxxx
- Sender: owner-pygame-users@xxxxxxxx
Thanks for giving it a try :)
I'll add in the name safe_exec, since that makes sense :)
As for disallowing __ string literals - this is because in my search of the parse tree, I use a simple, yet exhaustive search of all attributes for anything that looks bad. Having it customized for certain nodes would be a bit more complex.
At one point - I had it reject *anything* that had a single _ in it. However, I decided that defeated my goal of "safe and usable subset of python". I use lots of variables_named_like_this. I don't think the loss of "__" is to harsh.
As for disallowing lambda - it's probably not necessary, but lambda falls into the category of "slightly magical" and not used that much. I'd just as well leave it out for my purposes. (Though you can add it back into your use of safe.py if you think it's okay.)
BTW - check out what Leonard did with the type() function.
I've made some updates to the script - http://www.imitationpickles.org/tmp/safe.py ... What in particular did you have to change to make it work with python 2.3?
Greg Ewing <greg.ewing@xxxxxxxxxxxxxxxx> wrote:
Phil Hassey wrote:
> I spent some time today working on building a safe_eval function that
> would make it "safe" to run user submitted bots in games
After fixing it to work with Python 2.3, I had a bash
on it, and I couldn't find a way of breaking it in an
evening or so of devious thought. So it looks pretty
good to me so far.
I did notice a couple of restrictions that don't
seem to be necessary:
* You seem to be disallowing any string literals
containing "__". This is futile, since you can
build up any string you want at run
* You're disallowing lambda while allowing def,
but anything you could do with a lambda could be
done with a def just as well, as far as I can
BTW, shouldn't it really be called safe_exec rather
than safe_eval? It works on more than just expressions!
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.