Python "safe" eval (string to bool/int/float/None/string)

10,082

ast.literal_eval()

>>> ast.literal_eval('{False: (1, 0x2), True: [3.14, 04, 0b101], None: ("6", u"7", r\'8\')}')
{False: (1, 2), True: [3.1400000000000001, 4, 5], None: ('6', u'7', '8')}

Emile
Author by

Emile

Game Developer, Python fan.

Updated on December 09, 2020

Comments

  • Emile
    Emile over 3 years

    I'm making a webapp that does some data processing, so I frequently find myself parsing strings (from a URL or a text file) into Python values.

    I use a function that is "kind of" a safer version of eval (except that if it can't read the string, it stays a string):

    def str_to_value(string):
        for atom in (True, False, None):
            if str(atom) == string:
                return atom
        else:
            try:
                return int(string)
            except ValueError:
                try:
                    return float(string)
                except ValueError:
                    return string
    

    ... however, this seems very ugly to me. Is there a cleaner way of doing this? I found an old discussion of something like this, but I'm wondering if there isn't a quick and simple way (like a library function I don't know of, or a clever one-liner?).

    • Katriel
      Katriel
      This isn't safe unless you trust string to be a str (and not a subclass, either) -- otherwise, an evildoer could write a class with a malicious __eq__ method which would be called when you test whether your string looks like True.
    • Emile
      Emile
      katrielalex: right, I'm getting all my data as strings (I think that if I'm getting an untrusted Python object, there's probably already a huge security hole somewhere else).
  • Emile
    Emile over 13 years
    Thanks! Guido's Time Machine strikes again! I'll have to dig through the ast library, it's one of those "general purpose" libraries that's most likely to contain useful stuff (like itertools, functools, collections ...)
  • Karl Knechtel
    Karl Knechtel over 13 years
    I just realized how many evil dirty hacks I've created in the past that should have been using this instead of plain eval. Ouch. :)
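
The `ast.literal_eval()` answer combined with Katriel's exact-type point, as an added example that is not part of the original thread: a Python 3 `str_to_value` that keeps the question's fall-back-to-string behaviour. The `MAX_LEN` cap, the `ATOMS` name and the choice to raise `TypeError` for non-`str` input are assumptions of this example.

```python
import ast

MAX_LEN = 256  # assumed cap: literal_eval can exhaust memory or the stack on huge input
ATOMS = (bool, int, float, type(None))  # the types the question wants back


def str_to_value(text):
    """Return a bool/int/float/None parsed from text, else text unchanged."""
    # Exact type check, per Katriel's comment: a str subclass could carry
    # overridden methods, so it is rejected instead of being compared or parsed.
    if type(text) is not str:
        raise TypeError("expected str, got " + type(text).__name__)
    if len(text) > MAX_LEN:
        return text
    try:
        value = ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return text  # not a Python literal: stays a string
    # literal_eval also yields str, bytes, complex and containers; the
    # question only wants atoms, so everything else stays a string too.
    return value if type(value) in ATOMS else text


if __name__ == "__main__":
    # Constructed sample inputs, e.g. values taken from a URL query string.
    for raw in ["True", "None", "42", "-3.5", "hello", "[1, 2]", "len('abc')"]:
        print(repr(raw), "->", repr(str_to_value(raw)))
```

Unlike the `int()`/`float()` chain in the question, this accepts Python literal syntax such as `"0x10"` and leaves `"nan"` and `"inf"` as strings.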
