author | Gregory P. Smith <greg@krypto.org> | 2022-10-02 00:55:40 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-02 00:55:40 (GMT) |
commit | 8baef8ae367041a5cfefb40b19c7b87e9bcb56a2 (patch) | |
tree | cd2e3f7b254d9bc34d5d66657fe821c96853b266 /Doc/library/ast.rst | |
parent | bd7d0e875e6955dd69cde18a034e59a75b8b4d00 (diff) | |
gh-95588: Drop the safety claim from `ast.literal_eval` docs. (#95919)
It was never really safe and this claim conflicts directly with the big warning in the docs about it being able to crash the interpreter.
Diffstat (limited to 'Doc/library/ast.rst')
-rw-r--r-- | Doc/library/ast.rst | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/Doc/library/ast.rst b/Doc/library/ast.rst index 0349130..0811b3f 100644 --- a/Doc/library/ast.rst +++ b/Doc/library/ast.rst 
@@ -1991,20 +1991,28 @@ and classes for traversing abstract syntax trees: .. function:: literal_eval(node_or_string) - Safely evaluate an expression node or a string containing a Python literal or + Evaluate an expression node or a string containing only a Python literal or container display. The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, ``None`` and ``Ellipsis``. - This can be used for safely evaluating strings containing Python values from - untrusted sources without the need to parse the values oneself. It is not - capable of evaluating arbitrarily complex expressions, for example involving - operators or indexing. + This can be used for evaluating strings containing Python values without the + need to parse the values oneself. It is not capable of evaluating + arbitrarily complex expressions, for example involving operators or + indexing. + + This function had been documented as "safe" in the past without defining + what that meant. That was misleading. This is specifically designed not to + execute Python code, unlike the more general :func:`eval`. There is no + namespace, no name lookups, or ability to call out. But it is not free from + attack: A relatively small input can lead to memory exhaustion or to C stack + exhaustion, crashing the process. There is also the possibility for + excessive CPU consumption denial of service on some inputs. Calling it on + untrusted data is thus not recommended. .. warning:: - It is possible to crash the Python interpreter with a - sufficiently large/complex string due to stack depth limitations - in Python's AST compiler. + It is possible to crash the Python interpreter due to stack depth + limitations in Python's AST compiler. It can raise :exc:`ValueError`, :exc:`TypeError`, :exc:`SyntaxError`, :exc:`MemoryError` and :exc:`RecursionError` depending on the malformed |
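Review bot: the added paragraph mixes documentation history with the function's actual guarantees; the sentences "This function had been documented as "safe" in the past without defining what that meant. That was misleading." read as changelog and would sit better in a ``.. versionchanged::`` note, leaving the body to state what the function does and does not protect against. Two wording fixes in the same paragraph: "There is no namespace, no name lookups, or ability to call out" needs parallel negation ("no namespace, no name lookups, and no ability to call out"), and "excessive CPU consumption denial of service" wants a connector, e.g. "excessive CPU consumption (a denial of service)". Finally, the trimmed ``.. warning::`` about stack depth in the AST compiler now repeats the C stack exhaustion point made two lines earlier; consider stating the crash risk in one place so the two do not drift apart.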