Bottom Page

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 converting arguments or input numbers
#1
i've been doing things like this to convert arguments or input numbers:
   number = int(sys.argv[1])
now i have found a different way that is more fun though it needs more coding:
    try:
        number = eval(sys.argv[1])
    except:
        print('oops!')
        error_count += 1
if you want the traceback info, don't use the try/except. then you don't have to calculate formulas to enter their values (though you might have to use quotes around many formulas for most command shells).
What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
Quote
#2
Hang on a minute guys. Let me put the pop corn in the microwave.
buran likes this post
Craig "Ichabod" O'Brien - xenomind.com
I wish you happiness.
Recommended Tutorials: BBCode, functions, classes, text adventures

Quote
#3
λ python arg_test.py "__import__('os').remove('important_file.dat')"
None

λ python arg_test.py "__import__('os').remove('important_file.dat')"
oops!
When important_file is gone Angel then get a oops.
Quote
#4
Besides the questionable use of eval, your code would improve by using a library to parse command line arguments, typically argparse of one of its wrappers argh or click or others.
Quote
#5
you can do that faster as a shell command. i won't be doing that on code that needs to run securely. it will be in code that runs with the credentials of who runs it. if you run it and do that, you'll only be doing it to yourself.

(Aug-20-2018, 06:39 AM)Gribouillis Wrote: Besides the questionable use of eval, your code would improve by using a library to parse command line arguments, typically argparse of one of its wrappers argh or click or others.
some of those libraries may be usable for some of my programs. most of my commands have unusual and/or non-standard command syntax. i have seen nothing that am able to use on eve half of my commands. my next program will have a syntax that uses both - and + and can even mix both sets of option within the same argument. and these options have specific influence on how the file names are tested as it goes. and, of course, error messages include argument context for user.

what are your questions about my use of eval()? am i calling it with credentials different than who types in that option? no!
What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
Quote
#6
in which world your snippet with eval is better than the other one?

or if you want it with try/except
try:
    number = int(sys.argv[1])
except:
    print('oops!')
    error_count += 1
I also fully agree with Gribouillis that you will be better using package like click or similar...
Quote
#7
Your example is insecure:
python test.py 'os.remove("important_dir/test.bin")'
The probability that the os module is already imported, is very high.

If you want to give your hackers more features like executing statements, use the built-in exec function.
Then the hacker is able to do everything. Evaluating/Executing user input is unsafe and it's well known since WEB2.0.
This is the first lesson you learn. Never trust input, where you don't have control over it. It does not
matter if the input comes from a machine or a human. It's not under your control, then it's unsafe.
My code examples are always for Python >=3.6.0
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
Quote
#8
What about os.remove(__file__) or shutil.rmtree(os.path.expanduser("~")) ?
Quote
#9
@buran i just wrote a script that takes Unicode code points in various forms and converts them to a UTF-8 octet stream output (in hex) i can give it numbers on the command or in the input. i could add numbers. or i can give it an expression like range(0x400,0x440).

_
What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
Quote

Top Page

Possibly Related Threads...
Thread Author Replies Views Last Post
  Trouble converting numbers to characters Involute 4 208 Sep-12-2019, 04:49 AM
Last Post: Involute
  Print Numbers starting at 1 vertically with separator for output numbers Pleiades 3 305 May-09-2019, 12:19 PM
Last Post: Pleiades
  converting python list to a list by user input Dante24 1 953 Nov-21-2017, 10:10 AM
Last Post: heiner55
  Functions (Arguments Passing,Changing a mutable ,Assignment to Arguments Names) Adelton 2 1,453 Mar-02-2017, 10:23 PM
Last Post: zivoni

Forum Jump:


Users browsing this thread: 1 Guest(s)