[Freeipa-devel] [PATCH] 256 allow uid/gid starting number to be set
Rob Crittenden
rcritten at redhat.com
Wed Aug 26 14:53:15 UTC 2009
Martin Nagy wrote:
>
> Ah, sorry, had a bug in there. The sub function should have been called
> like this:
>>>> pattern.sub(lambda x: str(eval(x.group(2))), string)
> and the math will work (you have to use a variable with a different name
> than I used before). I forgot to wrap the eval() statement into str().
> Since you mentioned the paren counting, I also realized that a better
> pattern would be '(eval\s*\(([^()]*)\))'. But this still creates a
> problem, if you use "eval(foo + (2 * 4))" then the code will try to
> evaluate "foo + ". This is really a messy business. I'm not sure how to
> solve this simply without the use of a parser. But still, your code
> would be IMO even more dangerous.
>
Ok, it is important to note that there will be no variables in there. We
are passing this through a template so any variable substitution will
already be done.
For example, if in sub_dict we have GIDSTART set to 1100 the template
might look like:
gitNumber: eval($GIDSTART+1)
This will get passed to the eval as:
gidNumber: eval(1100+1)
I have no problem at all severely limiting the capabilities of this, so
saying "no nested parens" is fine by me, at least until I need them ;-)
And speaking of dangerous, using eval at all could be bad because it
will evaluate any valid python statement.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090826/1c9faa25/attachment.bin>
More information about the Freeipa-devel
mailing list