[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] Python bots in Galcon (or your game!) safe_eval

To: pygame-users@xxxxxxxx
Subject: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
From: Phil Hassey <philhassey@xxxxxxxxx>
Date: Fri, 9 Mar 2007 16:00:03 -0800 (PST)
Delivered-to: archiver@seul.org
Delivered-to: pygame-users-outgoing@seul.org
Delivered-to: pygame-users@seul.org
Delivery-date: Fri, 09 Mar 2007 19:00:19 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=s9z1tNVYJJQ8sI129+CHOvqlIwC6KhoOKfEKdPKxeXOO+KTQG20RpBov0wA2756jb6IEoSLjeSH5svje0oVI12yIaf7Q5YTOoFU1UCAYgCmR5VAZQFsMfg2Eyd+uCI6DmAaq9v8uZ6CNKVEi9U0XZVDvdfWHmrrNbQzSWezthc8=;
In-reply-to: <45F1F06A.40405@canterbury.ac.nz>
Reply-to: pygame-users@xxxxxxxx
Sender: owner-pygame-users@xxxxxxxx

Greg,

Thanks for giving it a try :)

I'll add in the name safe_exec, since that makes sense :)

As for disallowing __ string literals - this is because in my search of the parse tree, I use a simple, yet exhaustive search of all attributes for anything that looks bad. Having it customized for certain nodes would be a bit more complex.

At one point - I had it reject *anything* that had a single _ in it. However, I decided that defeated my goal of "safe and usable subset of python". I use lots of variables_named_like_this. I don't think the loss of "__" is to harsh.

As for disallowing lambda - it's probably not necessary, but lambda falls into the category of "slightly magical" and not used that much. I'd just as well leave it out for my purposes. (Though you can add it back into your use of safe.py if you think it's okay.)

BTW - check out what Leonard did with the type() function. Yikes!

I've made some updates to the script - http://www.imitationpickles.org/tmp/safe.py ... What in particular did you have to change to make it work with python 2.3?

Later,
Phil

Greg Ewing <greg.ewing@xxxxxxxxxxxxxxxx> wrote:

Phil Hassey wrote:

> I spent some time today working on building a safe_eval function that
> would make it "safe" to run user submitted bots in games

After fixing it to work with Python 2.3, I had a bash
on it, and I couldn't find a way of breaking it in an
evening or so of devious thought. So it looks pretty
good to me so far.

I did notice a couple of restrictions that don't
seem to be necessary:

* You seem to be disallowing any string literals
containing "__". This is futile, since you can
build up any string you want at run time.

* You're disallowing lambda while allowing def,
but anything you could do with a lambda could be
done with a def just as well, as far as I can
see.

BTW, shouldn't it really be called safe_exec rather
than safe_eval? It works on more than just expressions!

--
Greg

Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.

Follow-Ups:
- Re: [pygame] Python bots in Galcon (or your game!) safe_eval
  - From: Greg Ewing

References:
- Re: [pygame] Python bots in Galcon (or your game!) safe_eval
  - From: Greg Ewing

Prev by Author: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Next by Author: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Previous by thread: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Next by thread: Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Index(es):
- Author
- Thread