The difference between the function eval and ast.literal_eval in Python

eval function

In Python, how do you turn a string that holds a list, tuple or dict back into the real list, tuple or dict?

The first thing that comes to mind is eval. eval is handy for this kind of conversion: it parses the string as a Python expression and evaluates it, so the string '[1, 2, 3, 4]' comes back as the list [1, 2, 3, 4].

  • Convert string to list
>>> str_list = "[1, 2, 3, 4]"
>>> chg_list = eval(str_list)
>>> str_list; chg_list
'[1, 2, 3, 4]'
[1, 2, 3, 4]
>>> type(str_list); type(chg_list)
<class 'str'>
<class 'list'>
  • Convert string to tuple
>>> str_tuple="(1, 2, 3)"
>>> chg_tuple = eval(str_tuple)
>>> str_tuple; chg_tuple
'(1, 2, 3)'
(1, 2, 3)
>>> type(str_tuple); type(chg_tuple)
<class 'str'>
<class 'tuple'>
  • Convert string to dict
>>> str_dict = "{'name': 'Jerry'}"
>>> chg_dict = eval(str_dict)
>>> str_dict; chg_dict
"{'name': 'Jerry'}"
{'name': 'Jerry'}
>>> type(str_dict); type(chg_dict)
<class 'str'>
<class 'dict'>

In other words, eval turns a string holding a number, list, tuple or dict into the corresponding Python object. Beyond that, eval evaluates arbitrary expressions: given the string '1+1' it returns 2.

>>> value = eval(input("please put a value string: "))
please put a value string: 1+1
>>> value
2

From the above, eval looks very powerful: it converts between strings and lists, tuples and dicts, and it doubles as a calculator. The catch is that it evaluates anything it can parse, with no regard for the consequences. That power is a serious security hazard: if the string comes from a user, a malicious user can enter something like the following

open(r'D://filename.txt', 'r').read()
__import__('os').system('dir')
__import__('os').system('rm -rf /etc/*')

and eval will run it without hesitation: list your directories, read your files, delete everything under /etc... If the input asks for something worse, such as wiping a disk, eval will do that just as faithfully. Any program that passes untrusted input to eval hands the attacker arbitrary code execution with the privileges of that process.

The safe alternative for this job is ast.literal_eval.

ast.literal_eval function

Briefly, the ast module lets Python programs work with the abstract syntax tree of Python source.

ast.literal_eval() parses the string into a syntax tree and only builds a value from it if the tree consists solely of literals: strings, bytes, numbers, tuples, lists, dicts, sets, booleans and None. Function calls, attribute access, names and other expressions are refused, so nothing in the string is ever executed.

So the calculation and the dangerous inputs above are all refused when ast.literal_eval() is used instead: each raises ValueError ("malformed node or string"). A string that is not valid Python syntax at all raises SyntaxError instead. Note that '1+1' is rejected too on Python 3.7 and later, where literal_eval no longer performs arithmetic between plain numbers.

Only literals are accepted, which eliminates the code-execution risk. It is not a cure-all, though: the Python documentation warns that a sufficiently large or deeply nested string can still crash the interpreter through the compiler's stack limits, so untrusted input should also be size-limited before it is parsed.

>>> import ast
>>> ast.literal_eval('(1, 2, 3)')
(1, 2, 3)
>>> ast.literal_eval('[1, 2, 3]')
[1, 2, 3]
>>> ast.literal_eval("{'name':'Jerry'}")
{'name': 'Jerry'}

So when you need to turn a string back into a list, tuple or dict, especially one that came from outside your program, use ast.literal_eval() rather than eval().
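The following is an added example, not code from the original post, that puts the two halves of the article together: a small converter built on ast.literal_eval that accepts the benign strings shown earlier and refuses the malicious ones from the eval section, reporting why. The input lists are constructed for this example, and the MAX_LITERAL_LEN cap and the parse_literal/classify names are this example's own choices (the cap is the size limit the Python docs' crash warning calls for; 10,000 is an assumed value).

```python
import ast

# Constructed sample inputs (not from the original post). The first group is
# what a caller legitimately wants to turn back into Python objects, the
# second is what an attacker might submit to an eval()-based converter.
BENIGN_INPUTS = [
    "[1, 2, 3, 4]",
    "(1, 2, 3)",
    "{'name': 'Jerry'}",
    "{'ids': (1, 2), 'nested': [{'ok': True}, None]}",
    "-3.5",
]
MALICIOUS_INPUTS = [
    "open(r'D://filename.txt', 'r').read()",   # file read via a call
    "__import__('os').system('dir')",          # command execution
    "__import__('os').system('rm -rf /etc/*')",
    "1+1",                                     # arithmetic, not a literal (Python 3.7+)
    "[x for x in range(3)]",                   # comprehension
    "__builtins__",                            # bare name lookup
]

# Assumed cap (defense in depth): literal_eval parses the whole string before
# deciding anything, and the Python docs warn that a huge or deeply nested
# input can exhaust the compiler's stack, so reject oversized input first.
MAX_LITERAL_LEN = 10_000


def parse_literal(text, max_len=MAX_LITERAL_LEN):
    """Convert a string holding a Python literal back into the object it denotes.

    Returns (True, value) on success or (False, reason) on rejection. Only what
    ast.literal_eval accepts can succeed: strings, bytes, numbers, tuples,
    lists, dicts, sets, booleans and None. Names, calls, attribute access and
    arithmetic are refused, and nothing in the string is executed.
    """
    if not isinstance(text, str):
        return False, "input must be a str"
    if len(text) > max_len:
        return False, f"input longer than {max_len} characters"
    try:
        return True, ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        # ValueError: valid Python syntax but not a pure literal (e.g. a call)
        # SyntaxError: not valid Python at all
        # TypeError: a literal that cannot be built, e.g. an unhashable dict key
        # MemoryError/RecursionError: parser or compiler limits hit
        return False, f"{type(exc).__name__}: {exc}"


def classify(inputs):
    """Run parse_literal over many strings; returns {input: (accepted, value_or_reason)}."""
    return {s: parse_literal(s) for s in inputs}


if __name__ == "__main__":
    for s, (ok, result) in classify(BENIGN_INPUTS + MALICIOUS_INPUTS).items():
        status = "ACCEPTED" if ok else "REJECTED"
        print(f"{status:8} {s!r:48} -> {result!r}")
```

Every malicious string is rejected with a ValueError before any of it runs, because literal_eval never evaluates Call, Attribute or Name nodes; an eval()-based converter would have executed all three of the first group. Returning a (accepted, payload) pair instead of raising keeps the caller from having to know which of the five exception types a given input produces.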

Origin blog.csdn.net/happyjacob/article/details/109709447