classification
Title: Remove eval() from csv
Type:
Stage:
Components: Library (Lib)
Versions: Python 2.3

process
Status: closed
Resolution:
Dependencies:
Superseder:
Assigned To: andrewmcnamara
Nosy List: andrewmcnamara, rhettinger, skip.montanaro
Priority: high
Keywords: patch

Created on 2003-05-27 07:43 by rhettinger, last changed 2022-04-10 16:08 by admin. This issue is now closed.

Files
File name: csv.diff
Uploaded: rhettinger, 2003-05-27 07:46
Description: Patch to Lib/csv.py

Messages (5)
msg43850 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2003-05-27 07:43
The eval() step in the csv module can be eliminated, 
resulting in better security, more clarity, and a little 
speed.

The idea is to make successive attempts to coerce
the string to a Python type:
   int(s), long(s), float(s), etc.

This allows the logic to be controlled precisely and for 
specific types to be included or excluded (unicode 
types for instance).

The patch is attached and passes all regression 
tests.  It should also work fine under Py2.2.

msg43851 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2003-06-09 16:42
Skip said it would be fine if you took care of this one.
msg43852 - (view) Author: Skip Montanaro (skip.montanaro) * (Python triager) Date: 2003-06-12 02:26
I think this is fine though there's a typo:

    # treat longs as ints
    if thisType == long:
        thisType == int

The last "==" should be "=".  That this didn't trigger a test
failure suggests we need another test case.

Also, since the interpreter can conceivably be built without
complex types, the use of the complex builtin should probably
be guarded.

S
msg43853 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2003-06-12 03:10
* Added guard for complex().
* Changed == to =
* Ran against Skip's new tests
* Committed as Lib/csv.py 1.5
* Closing patch
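
The approach discussed in this thread, as an added example that is not the attached patch or the csv module's own code: the hypothetical helpers `type_by_eval` and `type_by_coercion` compare eval-based type guessing with successive constructor attempts on constructed cell values. It is written for Python 3, where `long` no longer exists, so the candidate list is int, float, complex.

```python
import builtins

# Constructors tried in order, narrowest first (Python 3: no separate long).
# complex is looked up defensively, mirroring the guard the thread asks for
# on interpreters built without complex support.
CANDIDATES = [int, float]
if hasattr(builtins, "complex"):
    CANDIDATES.append(builtins.complex)

EXECUTED = []  # records any cell text that ended up running as code


def type_by_eval(cell):
    """Pre-patch style: evaluate the cell text and inspect the result."""
    try:
        return type(eval(cell))  # deliberately unsafe: the cell is executed
    except Exception:
        return str


def type_by_coercion(cell):
    """Patch style: try each constructor in turn; the cell is only parsed."""
    for ctor in CANDIDATES:
        try:
            ctor(cell)
            return ctor
        except ValueError:
            continue
    return str


# Constructed sample cells; the last one is an expression with a side effect.
SAMPLE_CELLS = ["42", "3.5", "1+2j", "2**8", "abc", "EXECUTED.append('ran')"]


def compare(cells):
    """Return {cell: (eval_type_name, coercion_type_name)} for each cell."""
    return {c: (type_by_eval(c).__name__, type_by_coercion(c).__name__)
            for c in cells}


if __name__ == "__main__":
    for cell, (by_eval, by_coercion) in compare(SAMPLE_CELLS).items():
        print(f"{cell!r:28} eval={by_eval:10} coercion={by_coercion}")
    print("cells executed by eval():", EXECUTED)
```

Only the eval-based helper runs the last sample cell; the coercion helper classifies it, and arithmetic such as `2**8`, as a plain string.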
History
Date                 User        Action  Args
2022-04-10 16:08:55  admin       set     github: 38553
2003-05-27 07:43:35  rhettinger  create