Question

According to the PyPy docs, "the builtins name is always referencing the builtin module, never a dictionary as it sometimes is in CPython. Assigning to builtins has no effect." For example in CPython:

>>> eval("__import__('os').system('clear')", {'__builtins__':{}})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<string>", line 1, in <module>
NameError: name '__import__' is not defined

In PyPy it runs it without an error. Is there another way of restricting the builtins available?


Solution

No, it was decided long ago that we don't offer this. Maybe we can rethink it nowadays, but please note that it only gives a false sense of security. Calling eval() on a string provided by a 3rd party is never safe, even if you use the trick of {'__builtins__':{}}. See Python: make eval safe.
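To show why the answer calls the {'__builtins__':{}} trick a false sense of security, here is an added example (not part of the original question or answer) that runs in CPython. It evaluates the question's payload and a second, builtins-free payload in the same restricted namespace. The second payload walks from a tuple literal through ().__class__.__base__.__subclasses__() to a Python-defined class whose __init__.__globals__ still carries the real __builtins__, and pulls __import__ back out of it. The payload strings, the helper names (restricted_globals, restricted_eval, naive_payload_is_blocked, escape_payload_reaches_os) and the choice to call os.getpid() instead of os.system('clear') are this example's own assumptions.

```python
"""Added example: the {'__builtins__': {}} trick in CPython is bypassable.

Neither payload below comes from the original question or answer; the
object-graph traversal is a well-known property of CPython, and the helper
names are this example's own.
"""
import os


def restricted_globals() -> dict:
    """A fresh copy of the namespace used in the question: no builtins at all."""
    return {'__builtins__': {}}


# The question's payload. It is blocked: the name __import__ is resolved
# through the (empty) builtins dict and raises NameError.
NAIVE_PAYLOAD = "__import__('os').system('clear')"

# A payload that needs no builtin names. It starts from a tuple literal,
# climbs to ``object``, lists every class loaded in the interpreter, keeps
# those whose ``__init__`` is a plain Python function (so it carries
# ``__globals__`` with a ``__builtins__`` entry), and takes ``__import__``
# from the first one. ``__builtins__`` is a dict in most modules but the
# builtins module in ``__main__``, so both shapes are handled. Constructed
# for this example; it only calls os.getpid() to prove it reached ``os``.
ESCAPE_PAYLOAD = (
    "[(b if b.__class__.__name__ == 'dict' else b.__dict__)['__import__']"
    " for b in [c.__init__.__globals__['__builtins__']"
    "           for c in ().__class__.__base__.__subclasses__()"
    "           if c.__init__.__class__.__name__ == 'function'"
    "           and '__builtins__' in c.__init__.__globals__]"
    "][0]('os').getpid()"
)


def restricted_eval(source: str):
    """Evaluate ``source`` with the {'__builtins__': {}} trick.

    Returns the resulting value, or the exception instance if evaluation
    failed, so both payloads can be compared at the call site without
    try/except boilerplate.
    """
    try:
        return eval(source, restricted_globals())
    except Exception as exc:  # any failure is the interesting outcome here
        return exc


def naive_payload_is_blocked() -> bool:
    """True when the question's payload fails with NameError, as in CPython."""
    return isinstance(restricted_eval(NAIVE_PAYLOAD), NameError)


def escape_payload_reaches_os() -> bool:
    """True when the builtins-free payload still reaches os.getpid()."""
    return restricted_eval(ESCAPE_PAYLOAD) == os.getpid()


if __name__ == '__main__':
    print('naive payload blocked:   ', naive_payload_is_blocked())
    print('escape payload reached os:', escape_payload_reaches_os())
```

Run it as a script and both lines print True: the empty builtins dict stops the direct call but not the traversal, because every Python function already references the real builtins through its module globals. The same object graph is reachable in PyPy, which is why the answer treats the restriction as cosmetic rather than as a sandbox.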

Licensed under: CC-BY-SA with attribution