星期二, 6月 10, 2008

[tips] evaluate python dictionaries from file safely.

有時候程式設計師總是會有點奇怪的潔癖,
例如這個讀設定檔的module就是這一類的產物,
說真的python有內建csv,ini跟xml之類的parser,
3rd party的parser也到處都是, 特定情況下其實execfile,exec,eval也都沒什麼錯,如果設定檔可以用.py結尾, 直接import 就可以了,再加上其實python 2.6就要支援direct modify ast tree了...實在看不出有什麼必要硬要用python的parser來讀進設定檔,不過話說回來如果只是想要安全的從檔案裡取出一個dictionary,這個小巧的module倒也不失為一個好方法.

# -*- coding: utf-8 -*-
#!/usr/bin/env python
"""
    safe_dict
    ~~~
    The `safe_dict` module helps you read a dictionary from a file using python syntax.
       
    The key and values in dictionary are string only.
    
    File `dict.file` (file which we read dict from) should only contain an anonymous dictionary.
    
    Support only Python 2.5+.
    
    reference:
        http://docs.python.org/dev/library/_ast
        http://dev.pocoo.org/hg/sandbox/file/08541da989dd/ast/ast.py
        http://pyside.blogspot.com/2008/03/ast-compilation-from-python.html
    ~~~
    :Author: http://timchen119.blogspot.com
    :license: Python License
"""

from __future__ import with_statement
import _ast 
#need python 2.5+

def safe_eval_literal(node_or_string):
    """
    Safe evaluate a literal.
    """
    _safe_names = {'None': None, 'True': True, 'False': False}
    if isinstance(node_or_string, basestring):
        node_or_string = compile(node_or_string, "<unknown>", "eval" , _ast.PyCF_ONLY_AST)
    if isinstance(node_or_string, _ast.Expression):
        node_or_string = node_or_string.body
    def _convert(node):
        if isinstance(node, _ast.Str):
            return node.s
        elif isinstance(node, _ast.Dict):
            return dict((_convert(k), _convert(v)) for k, v
                        in zip(node.keys, node.values))
        elif isinstance(node, _ast.Name):
            if node.id in _safe_names:
                return _safe_names[node.id] 
        raise ValueError('malformed string')
    return _convert(node_or_string)
    

def safe_read_dict_from(file):    
    """
    Safe evaluate a dictionary from a file.
    """
    try:        
        with open(file,'r') as f:
            source = f.read()
            node = compile(source, "<unknown>", "eval", _ast.PyCF_ONLY_AST)

            if isinstance(node.body, _ast.Dict):
                return safe_eval_literal(node.body)
            else:
                raise
    except:
        raise
    
if __name__ == '__main__':
    try:
        dict_we_want = safe_read_dict_from('dict.file')
    except Exception,e:
        print e



用法: 只要在你的dict.file裡加上一個python dictionary即可, 就可以用這個module讀入dict.file,為了安全性考量,也只讀入字串.

張貼者: 使徒提姆 !? 星期二, 6月 10, 2008

標籤: , , ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)