替换 python 中的“eval”以实现动态输入
我正在尝试在Python代码中替换eval。我正在使用配置文件来读取并创建Python语法中的字符串命令,后来使用eval执行。 有两个功能:
- 读取配置文件并创建一个可以使用
eval执行的字符串。示例:'raw_bytes [26:31] .hex()+“,”+codecs.decode(raw_bytes [41:42],\“ cp500 \”)+“,”+raw_bytes [48:49]。 hex()+“,”+raw_bytes [102:106] .hex()'
def extractor_command(config_file): 开始= 0 cmd =“” 用open(config_file,'r')作为f: 下一个(f)#sksking在第一行中评论 对于F中的行 col = line.split() 最高= start+int(col [2]) 如果col [3] ==“ 1”: 如果col [3] ==“ 0”: cmd = cmd+'raw_bytes [{}:{}]。 cmd = cmd+“+\”,\“+” 如果col [3] ==“ 1”: cmd = cmd+'codecs.decode(raw_bytes [{}:{}],“ cp500”)'。格式(str(start),str(str(to)), cmd = cmd+“+\”,\“+” elif col [2] ==“ 0”: 经过 start = to cmd = cmd.rstrip('+\“,\”+') 返回CMD
配置文件看起来像这样:
Nr Active Length(bytes) String
Field1 1 8 1
Field2 0 2 0
Field3 1 4 1
...
Field250 1 1 0
Field251 0 1 1
Field252 0 2 1
- 第二个功能,将读取一个二进制文件,并将使用第一函数中创建的命令从二进制文件中提取。提取的行写入TXT文件中。
def提取(in_file,out_file,cmd): ReadBlocks = 2052 compiled = compile(cmd,'< string>','eval') 用extracted_file打开(out_file,'w'): f =打开(in_file,'rb') 而真: raw_bytes = f.Read(readBlocks) 行= eval(编译) deftracted_file.write(行+'\ n') b = f.Read(1) 如果不是b: 休息 f.close()
尽管这很好,但我正在寻找另一种解决方案,以使代码更可读,并出于安全原因避免评估。另外,我不想创建命令以每次读取二进制文件的一部分时提取,因为它会影响性能(二进制文件很大)。 该代码看起来不漂亮,但仅供演示。 有建议吗?
I am trying to replace eval in a python code. I am using a configuration file to read and create a string command in python syntax which is later executed using eval.
There are two functions:
- Reads the configuration file and creates a string which can be executed using
eval. Example:'raw_bytes[26:31].hex()+","+codecs.decode(raw_bytes[41:42],\"cp500\")+","+raw_bytes[48:49].hex()+","+raw_bytes[102:106].hex()'
def extractor_command(config_file): START=0 CMD="" with open(config_file,'r') as f: next(f) #skipping the comments in the first line for line in f: col = line.split() UPTO=START+int(col[2]) if col[3] == "1": if col[3] == "0": CMD=CMD+'raw_bytes[{}:{}].hex()'.format(str(START),str(UPTO)) CMD=CMD+"+\",\"+" if col[3] == "1": CMD=CMD+'codecs.decode(raw_bytes[{}:{}],"cp500")'.format(str(START),str(UPTO)) CMD=CMD+"+\",\"+" elif col[2] == "0": pass START=UPTO CMD=CMD.rstrip('+\",\"+') return CMD
The configuration file looks like this:
Nr Active Length(bytes) String
Field1 1 8 1
Field2 0 2 0
Field3 1 4 1
...
Field250 1 1 0
Field251 0 1 1
Field252 0 2 1
- The second function, will read a binary file and will use the command created in the 1st function to extract from the binary file. The extracted lines are written into a txt file.
def extract(in_file,out_file,cmd): READBLOCKS=2052 compiled = compile(cmd, '<string>', 'eval') with open(out_file,'w') as extracted_file: f=open(in_file, 'rb') while True: raw_bytes = f.read(READBLOCKS) row=eval(compiled) extracted_file.write(row+'\n') b=f.read(1) if not b: break f.close()
Although this works fine I am looking for another solution to make the code more readable and avoid eval for security reasons. Also I don't want to create the command to extract everytime a portion of the binary file is read, because it impacts the performance (binary file is huge).
The code doesn't look pretty but it's just for demonstration.
Any suggestion?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论