mercurial-scm/hg-stable: mercurial/utils/stringutil.py comparison

comparison mercurial/utils/stringutil.py @ 37476:e9dea82ea1f3

wireproto: convert python literal to object without using unsafe eval() Follows up cc5a040fe150. At this point, I don't think we need a real eval(). If we want to support a set literal, maybe we can vendor ast.literal_eval(), which is relatively simple function.

author	Yuya Nishihara <yuya@tcha.org>
date	Sun, 08 Apr 2018 11:55:46 +0900
parents	a67fd1fe5109
children	68132a95df31

comparison

equal deleted inserted replaced

-:152f1b47e0ad
+:e9dea82ea1f3
 # This software may be used and distributed according to the terms of the
 # GNU General Public License version 2 or any later version.
 from __future__ import absolute_import
-import __future__
+import ast
 import codecs
 import re as remod
 import textwrap
 from ..i18n import _
 If s is not a valid boolean, returns None.
 """
 return _booleans.get(s.lower(), None)
-def evalpython(s):
+def evalpythonliteral(s):
-"""Evaluate a string containing a Python expression.
+"""Evaluate a string containing a Python literal expression"""
+# We could backport our tokenizer hack to rewrite '' to u'' if we want
-THIS FUNCTION IS NOT SAFE TO USE ON UNTRUSTED INPUT. IT'S USE SHOULD BE
+return ast.literal_eval(s)
-LIMITED TO DEVELOPER-FACING FUNCTIONALITY.
-"""
-globs = {
-r'__builtins__': {
-r'None': None,
-r'False': False,
-r'True': True,
-r'int': int,
-r'set': set,
-r'tuple': tuple,
-# Don't need to expose dict and list because we can use
-# literals.
-},
-}
-# We can't use eval() directly because it inherits compiler
-# flags from this module and we need unicode literals for Python 3
-# compatibility.
-code = compile(s, r'<string>', r'eval',
-__future__.unicode_literals.compiler_flag, True)
-return eval(code, globs, {})

Mercurial > public > mercurial-scm > hg-stable

comparison mercurial/utils/stringutil.py @ 37476:e9dea82ea1f3