Python eval()
The eval() function parses the expression passed to it and runs it as a Python expression (code) within the program.
Example
    number = 9

    # eval performs the multiplication passed as argument
    square_number = eval('number * number')
    print(square_number)

    # Output: 81
eval() Syntax
eval(expression, globals=None, locals=None)
eval() Parameters
The eval() function takes three parameters:
- expression — the string parsed and evaluated as a Python expression
- globals (optional) — a dictionary
- locals (optional)- a mapping object. Dictionary is the standard and commonly used mapping type in Python.
The use of globals and locals will be discussed later in this article.
eval() Return Value
The eval() method returns the result evaluated from the expression.
Example 1: How eval() works in Python
Here, the eval() function evaluates the expression x + 1 and print is used to display this value.
Example 2: Practical Example to Demonstrate Use of eval()
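    # Perimeter of Square
    def calculatePerimeter(l):
        return 4*l

    # Area of Square
    def calculateArea(l):
        return l*l

    expression = input("Type a function: ")

    for l in range(1, 5):
        # eval() is only reached for the two exact strings compared here
        if (expression == 'calculatePerimeter(l)'):
            print("If length is ", l, ", Perimeter = ", eval(expression))
        elif (expression == 'calculateArea(l)'):
            print("If length is ", l, ", Area = ", eval(expression))
        else:
            print('Prohibited Function')
            break

You can check which variables and methods are available to the expression using the dir() method.

    from math import *
    print(eval('dir()'))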
['__annotations__', '__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__spec__', 'acos', 'acosh', 'asin', 'asinh', 'atan', 'atan2', 'atanh', 'ceil', 'comb', 'copysign', 'cos', 'cosh', 'degrees', 'dist', 'e', 'erf', 'erfc', 'exp', 'expm1', 'fabs', 'factorial', 'floor', 'fmod', 'frexp', 'fsum', 'gamma', 'gcd', 'hypot', 'inf', 'isclose', 'isfinite', 'isinf', 'isnan', 'isqrt', 'ldexp', 'lgamma', 'log', 'log10', 'log1p', 'log2', 'modf', 'nan', 'os', 'perm', 'pi', 'pow', 'prod', 'radians', 'remainder', 'sin', 'sinh', 'sqrt', 'tan', 'tanh', 'tau', 'trunc']
Restricting the Use of Available Methods and Variables in eval()
More often than not, not all of the methods and variables available to the expression (the first parameter to eval()) are needed, and some may even open a security hole. You may need to restrict which methods and variables eval() can use. You can do so by passing the optional globals and locals parameters (dictionaries) to the eval() function.
1. When both globals and locals parameters omitted
If both parameters are omitted (as in our earlier examples), the expression is executed in the current scope. You can check the available variables and methods using the following code:
2. Passing globals parameter; locals parameter is omitted
The globals and locals parameters (dictionaries) are used for global and local variables respectively. If the locals dictionary is omitted, it defaults to the globals dictionary. That is, globals will be used for both global and local variables.
Note: You can check the current global and local dictionary in Python using globals() and locals() built-in methods respectively.
Example 3: Passing empty dictionary as globals parameter
    from math import *
    print(eval('dir()', {}))

    # The code will raise an exception
    print(eval('sqrt(25)', {}))

    ['__builtins__']
    Traceback (most recent call last):
      File "", line 5, in <module>
        print(eval('sqrt(25)', {}))
      File "<string>", line 1, in <module>
    NameError: name 'sqrt' is not defined

If you pass an empty dictionary as globals, only the __builtins__ are available to the expression (the first parameter to eval()).
Even though we have imported the math module in the above program, expression can't access any functions provided by the math module.
Example 4: Making Certain Methods available
    from math import *
    print(eval('dir()', {'sqrt': sqrt, 'pow': pow}))

Here, the expression can only use the sqrt() and the pow() methods along with __builtins__.
It is also possible to change the name of a method made available to the expression, as you wish:

    from math import *
    names = {'square_root': sqrt, 'power': pow}
    print(eval('dir()', names))

    # Using square_root in Expression
    print(eval('square_root(9)', names))

    ['__builtins__', 'power', 'square_root']
    3.0

In the above program, square_root() calculates the square root using sqrt(). However, trying to use sqrt() directly will raise an error.
Example 5: Restricting the Use of built-ins
You can restrict the use of __builtins__ in the expression as follows:
3. Passing both globals and locals dictionary
You can make needed functions and variables available for use by passing the locals dictionary. For example:
    from math import *

    a = 169
    # globals disables the built-ins; locals exposes only a and sqrt
    print(eval('sqrt(a)', {'__builtins__': None}, {'a': a, 'sqrt': sqrt}))

In this program, the expression can use only the sqrt() method and the variable a. All other methods and variables are unavailable.
Restricting the use of eval() by passing globals and locals dictionaries will make your code secure, particularly when you are using input provided by the user to the eval() method.
Note: Sometimes, eval() is not secure even with limited names. When an object and its methods are made accessible, almost anything can be done. The only secure way is by validating the user input.
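One way to validate user input before it reaches eval(), as the note above recommends. This is an added example, not code from the original article: the expression is parsed with the ast module and rejected unless every node is on an allow-list, and only then evaluated with the restricted globals and locals shown earlier. The names validate, safe_eval, ALLOWED_NAMES, ALLOWED_NODES and MAX_LEN are assumptions made for this example.

```python
import ast
import math

# Assumed allow-list, mirroring the article's sqrt/pow example.
ALLOWED_NAMES = {"sqrt": math.sqrt, "pow": math.pow}
# Syntax permitted in an expression; Attribute, Subscript, Lambda, etc. are not.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Call, ast.Name, ast.Load,
    ast.Constant, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.UAdd, ast.USub,
)
MAX_LEN = 200  # assumed cap on input size


def validate(source, variables):
    """Return the parsed tree, or raise ValueError if anything is off the allow-list."""
    if len(source) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"{type(node).__name__} is not allowed")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            raise ValueError("only numeric constants are allowed")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES \
                and node.id not in variables:
            raise ValueError(f"name {node.id!r} is not allowed")
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_NAMES
        ):
            raise ValueError("only direct calls to allow-listed functions are permitted")
    return tree


def safe_eval(source, variables=None):
    """Validate first, then evaluate with no builtins and only the allow-listed names."""
    variables = dict(variables or {})
    code = compile(validate(source, variables), "<user-expression>", "eval")
    # Allow-listed functions win over caller variables of the same name.
    return eval(code, {"__builtins__": {}}, {**variables, **ALLOWED_NAMES})
```

Because attribute access is not an allowed node type, an expression cannot reach an object's methods even when the object itself is passed in as a variable.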
eval
Returns a result of the evaluation of a Python expression.
Syntax
eval (expression[, globals[, locals]])
expression
    Required. The argument is a Unicode or Latin-1 encoded string.
globals
    Optional. A dictionary defining the namespace in which the expression is evaluated.
locals
    Optional. A dictionary defining the local namespace.
Return Value
Time Complexity
Remarks
The expression argument is parsed and evaluated as a Python expression (technically speaking, a condition list) using the globals and locals dictionaries as global and local namespace. If the globals dictionary is present and lacks ‘__builtins__’, the current globals are copied into globals before expression is parsed. This means that expression normally has full access to the standard __builtin__ module and restricted environments are propagated. If the locals dictionary is omitted it defaults to the globals dictionary. If both dictionaries are omitted, the expression is executed in the environment where eval() is called. The return value is the result of the evaluated expression. Syntax errors are reported as exceptions.
This function can also be used to execute arbitrary code objects (such as those created by compile()). In this case pass a code object instead of a string. If the code object has been compiled with 'exec' as the mode argument, eval()'s return value will be None. Hints: dynamic execution of statements is supported by the exec statement. Execution of statements from a file is supported by the execfile() function. The globals() and locals() functions return the current global and local dictionary, respectively, which may be useful to pass around for use by eval() or execfile().
See ast.literal_eval() for a function that can safely evaluate strings with expressions containing only literals. See also exec statement and execfile() and compile() functions.
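A sketch of ast.literal_eval() used on untrusted input in place of eval(), written for Python 3. This is an added example, not part of the original reference page; the function parse_settings, the MAX_LEN cap and the expected dict shape are assumptions chosen for illustration.

```python
import ast

# Assumed cap: literal_eval can still exhaust memory or the stack on very
# large or deeply nested input, so bound the size before parsing.
MAX_LEN = 10_000


def parse_settings(text):
    """Parse untrusted text as a dict literal mapping str keys to scalar values.

    Raises ValueError for anything that is not a plain literal of that shape.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    try:
        # Only literals are accepted: no names, calls or attribute access.
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not a plain literal: {type(exc).__name__}") from exc
    # literal_eval guarantees "no code ran", not "the data has the right shape".
    if not isinstance(value, dict):
        raise ValueError("expected a dict literal")
    for key, item in value.items():
        if not isinstance(key, str):
            raise ValueError(f"unexpected key {key!r}")
        if not isinstance(item, (int, float, str, bool, type(None))):
            raise ValueError(f"unexpected value for {key!r}")
    return value
```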
Example 1

    >>> x = 1
    >>> print eval('x+1')
    2
    >>> eval('2*2')
    4
    >>> eval("len('bamf')")
    4

Example 2

    >>> # this example shows how eval can access global namespace; this is a potential security hazard
    >>> eval("os.getcwd()")
    NameError: name 'os' is not defined
    >>> import os
    >>> eval("os.getcwd()")
    'C:\\Program Files\\PyScripter'

Example 3

    >>> # this example shows how providing globals argument prevents eval from accessing real globals dictionary
    >>> eval("os.getcwd()", {})
    NameError: name 'os' is not defined
    >>> # that example however can be bypassed by using __import__ function inside eval
    >>> eval('__import__("os").getcwd()', {})
    'C:\\Program Files\\PyScripter'

Example 4

    >>> # this example shows how to prevent eval from importing any modules
    >>> eval('__import__("os").getcwd()', {'__builtins__': {}})
    Traceback (most recent call last):
      File "", line 1, in <module>
      File "<string>", line 1, in <module>
    NameError: name '__import__' is not defined