Shulou(Shulou.com)06/02 Report--

This article mainly introduces what is the difference between eval and ast.literal_eval in Python, it has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

In Python, what if you want to change the string type of list,tuple,dict to the original type? You will naturally think of eval at this time. The eval function is useful for converting data types in Python. Its function is to restore the data to itself or to a data type that can be converted.

String list

String tuple

String dict

In other words, eval can be used to convert typical strings of meta-ancestors, lists and words to meta-ancestors, lists and dictionaries. In addition, eval can also convert characters to

The string input is calculated directly. For example, she will calculate the result directly from the calculation string of'1x 1'.

From the above, eval is very powerful, that is, it can do type conversion between string and list,tuple,dict, and can also be used as a calculator! What's more, you can deal with all the strings she can parse, regardless of the possible consequences of taboos! So behind the strength of eval is a huge security hazard! For example, the user maliciously entered the following string

Open (ringing Dvu _ peg). Read ()

_ _ import__ ('os'). System (' dir')

_ _ import__ ('os'). System (' rm-rf / etc/*')

Then eval will show your computer directory structure, read files, and delete files regardless of three, seven or twenty-one. If it is a grid plate and other more serious operations, she will also do it! So here leads to another security processing method ast.literal_eval. You can first take a look at the stackoverflow and Python official explanation about this!

Stackoverflow

Python official documentation

To put it simply, the ast module helps Python applications handle abstract syntax parsing. The literal_eval () function under this module will determine whether the content to be calculated is a legal python type after calculation, and if so, the operation will be carried out, otherwise the operation will not be carried out.

For example, the above calculation operations, and dangerous operations, if replaced with ast.literal_eval (), will be refused.

Report value error, illegal string!

Only legitimate Python types are executed, which greatly reduces the risk of the system!

Thank you for reading this article carefully. I hope the article "what is the difference between eval and ast.literal_eval in Python" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.