eval(input()) in python 2to3

2024/9/19 9:44:10

From the Python 2to3 doc:

input:

Converts input(prompt) to eval(input(prompt))

I am currently trying to learn Python 3 after a few years working with Python 2. Can anybody please explain why the tool inserts eval before the call to input, and whether I should do so in all my Python 3 code?

Answer

python 2's old input behavior has been removed, python 3's current input was what was previously named raw_input. raw_input and python 3 input always returns a string, unlike input which tries to evaluate the input as an expression.

The 2to3 tool inserted an eval because it has no way to tell if you're relying on the old input automatically evaluating its inputs. The old input behavior is deemed a mistake because you can evaluate pretty much any valid python expression, therefore any python program that uses input() has a glaring security hole. After conversion, you should evaluate each use of eval and determine whether that part of the code are going to be receiving any untrusted user input.

You should never uses eval(input()), except perhaps in throwaway scripts. There is no way to make eval secure.

https://en.xdnf.cn/q/72661.html

Related Q&A

Post XML file using Python

Im new to Python and in need of some help. My aim is to send some XML with a post request to a URL, which is going to trigger a SMS being sent. I have a small XML document that I want to post to the UR…
READ MORE...

Python TypeError: __init__() got multiple values for argument master

Trying to build a GUI in Python at the moment, and Im stuck at this part in particular. Every time I try to run my code it just throws the error TypeError: __init__() got multiple values for argument m…
READ MORE...

How to suppress all warnings in window of executable file generated by pyinstaller

I have generated an executable file from a python file using pyinstaller. The program works how it is supposed to work but there is this warning message it appears in the window that I would like to hi…
READ MORE...

Python requests gives me bad handshake error

Using Python requests like thisimport requests; requests.get(https://internal.site.no)gives me an error many have had;SSLError: ("bad handshake: Error([(SSL routines, SSL23_GET_SERVER_HELLO, sslv3…
READ MORE...

PyCharm: Storing variables in memory to be able to run code from a checkpoint

Ive been searching everywhere for an answer to this but to no avail. I want to be able to run my code and have the variables stored in memory so that I can perhaps set a "checkpoint" which I …
READ MORE...

Execute bash script from Python on Windows

I am trying to write a python script that will execute a bash script I have on my Windows machine. Up until now I have been using the Cygwin terminal so executing the bash script RunModels.scr has been…
READ MORE...

Python regex convert youtube url to youtube video

Im making a regex so I can find youtube links (can be multiple) in a piece of HTML text posted by an user.Currently Im using the following regex to change http://www.youtube.com/watch?v=-JyZLS2IhkQ in…
READ MORE...

Python / Kivy: conditional design in .kv file

Would an approach similar to the example below be possible in Kivy? The code posted obviously doesnt work, and again its only an example: I will need different layouts to be drawn depending on a certa…
READ MORE...

z-axis scaling and limits in a 3-D scatter plot

I performed a Monte Carlo inversion of three parameters, and now Im trying to plot them in a 3-D figure using Matplotlib. One of those parameters (Mo) has a variability of values between 10^15 and 10^2…
READ MORE...

How to fix value produced by Random?

I got an issue which is, in my code,anyone can help will be great. this is the example code.from random import * from numpy import * r=array([uniform(-R,R),uniform(-R,R),uniform(-R,R)])def Ft(r):f…
READ MORE...
Latest Q&A

Copyright @ 2022~2023