Python Forum
converting arguments or input numbers - Printable Version




converting arguments or input numbers - Skaperen - Aug-20-2018

i've been doing things like this to convert arguments or input numbers:
   number = int(sys.argv[1])
now i have found a different way that is more fun though it needs more coding:
    try:
        number = eval(sys.argv[1])
    except:
        print('oops!')
        error_count += 1
if you want the traceback info, don't use the try/except. then you don't have to calculate formulas to enter their values (though you might have to use quotes around many formulas for most command shells).


RE: converting arguments or input numbers - ichabod801 - Aug-20-2018

Hang on a minute guys. Let me put the pop corn in the microwave.


RE: converting arguments or input numbers - snippsat - Aug-20-2018

    λ python arg_test.py "__import__('os').remove('important_file.dat')"
    None

    λ python arg_test.py "__import__('os').remove('important_file.dat')"
    oops!
When important_file is gone, then you get an oops.


RE: converting arguments or input numbers - Gribouillis - Aug-20-2018

Besides the questionable use of eval, your code would improve by using a library to parse command line arguments, typically argparse or one of its wrappers argh or click or others.


RE: converting arguments or input numbers - Skaperen - Aug-20-2018

you can do that faster as a shell command. i won't be doing that on code that needs to run securely. it will be in code that runs with the credentials of who runs it. if you run it and do that, you'll only be doing it to yourself.

(Aug-20-2018, 06:39 AM)Gribouillis Wrote: Besides the questionable use of eval, your code would improve by using a library to parse command line arguments, typically argparse or one of its wrappers argh or click or others.
some of those libraries may be usable for some of my programs. most of my commands have unusual and/or non-standard command syntax. i have seen nothing that i am able to use on even half of my commands. my next program will have a syntax that uses both - and + and can even mix both sets of options within the same argument. and these options have specific influence on how the file names are tested as it goes. and, of course, error messages include argument context for user.

what are your questions about my use of eval()? am i calling it with credentials different than who types in that option? no!


RE: converting arguments or input numbers - buran - Aug-20-2018

in which world is your snippet with eval better than the other one?

or if you want it with try/except
    try:
        number = int(sys.argv[1])
    except:
        print('oops!')
        error_count += 1
I also fully agree with Gribouillis that you will be better off using a package like click or similar...


RE: converting arguments or input numbers - DeaD_EyE - Aug-20-2018

Your example is insecure:
    python test.py 'os.remove("important_dir/test.bin")'
The probability that the os module is already imported, is very high.

If you want to give your hackers more features like executing statements, use the built-in exec function.
Then the hacker is able to do everything. Evaluating/Executing user input is unsafe and it's well known since WEB2.0.
This is the first lesson you learn. Never trust input, where you don't have control over it. It does not matter if the input comes from a machine or a human. It's not under your control, then it's unsafe.


RE: converting arguments or input numbers - Gribouillis - Aug-20-2018

What about os.remove(__file__) or shutil.rmtree(os.path.expanduser("~")) ?


RE: converting arguments or input numbers - Skaperen - Aug-21-2018

@buran i just wrote a script that takes Unicode code points in various forms and converts them to a UTF-8 octet stream output (in hex). i can give it numbers on the command or in the input. i could add numbers. or i can give it an expression like range(0x400,0x440).
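
An added example, not code from any poster in this thread: a restricted evaluator that still accepts integer formulas and range(0x400,0x440) as the first and last posts want, but rejects the os.remove and __import__ inputs shown in the replies. The names parse_arg and MAX_BITS and the 64-bit bound are assumptions of this example.

```python
import ast
import operator

# Whitelist: any operator or node type not listed here is rejected.
_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod,
    ast.Pow: operator.pow, ast.LShift: operator.lshift,
    ast.BitAnd: operator.and_, ast.BitOr: operator.or_,
}
_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_BITS = 64  # assumed bound, so inputs like 9**9**9 cannot exhaust memory


def _check(value):
    if abs(value) >> MAX_BITS:
        raise ValueError("value out of range")
    return value


def _eval(node):
    """Evaluate an integer-only arithmetic AST; refuse everything else."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return _check(node.value)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_eval(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left, right = _eval(node.left), _eval(node.right)
        if (isinstance(node.op, (ast.Pow, ast.LShift))
                and not 0 <= right <= MAX_BITS):
            raise ValueError("exponent or shift count out of range")
        return _check(_BINOPS[type(node.op)](left, right))
    raise ValueError("unsupported syntax: " + type(node).__name__)


def parse_arg(text):
    """Return an int, or a range for range(a[, b[, c]]), from untrusted text."""
    try:
        node = ast.parse(text.strip(), mode="eval").body
        # "range" is matched by name in the syntax tree, never looked up or called
        # through user-controlled code, so no other builtin is reachable.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "range" and not node.keywords
                and 1 <= len(node.args) <= 3):
            return range(*(_eval(arg) for arg in node.args))
        return _eval(node)
    except (SyntaxError, ZeroDivisionError, RecursionError) as exc:
        raise ValueError(f"bad number {text!r}: {exc}") from None
```

In the first post's snippet, `number = parse_arg(sys.argv[1])` with `except ValueError:` takes the place of the eval call.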
