Menu
▾
▴
Re: [Configobj-develop] unrepr & "non-traditional" pythons
|
From: Michael F. <fuz...@vo...> - 2009-05-16 13:00:08
|
Hello Ken, I'll look at this. A problem with eval is that it is unsafe (arbitrary code execution) - which is one reason to use a text based config system in the first place. Michael -- http://www.ironpythoninaction.com On 16 May 2009, at 03:55, Ken Kuhlman <ksk...@gm...> wrote: > As a first time poster, let me first thank you for configobj. It's > a nice piece of work, and the fact that I've never really had to > think about it is a real testament to your ability to put out stable > releases that 'just work'. > > Lately, though, I've been drawn to 'alternate' python > implementations: jython, fepy, appengine, pypy and such. Unlike > cpython, these don't provide a working compiler.parser, which means > that the unrepr mode of configobj doesn't work under them. > > I noticed Dag Brattli & Fuzzyman's tweets, which suggested eval as a > workable replacement, and came up with the attached patch against > the current rev (19). The core of the patch is very > straightforward, though I had to make some trivial changes to the > tests get them to pass under Jython. > > Since there's already some minor import trickery in configobj for > IronPython, I'm hoping that this patch is acceptable. Let me know > if need me to create a ticket. > > Thanks again, > -Ken > > PS: You won't want to commit the "configobj.compiler = None" line > in test_configobj.py. It's just there to demo unrepr in the absence > of a working compiler module. > > <nocompiler.diff> > --- > --- > --- > --------------------------------------------------------------------- > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables > unlimited royalty-free distribution of the report engine > for externally facing server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > Configobj-develop mailing list > Con...@li... > https://lists.sourceforge.net/lists/listinfo/configobj-develop |
