python注入_Python如何考虑代码注入安全?
使用ast.literal_eval(), 只允許使用 string,bytes,number,tuples,lists,discts,set,booleans,None
ast.literal_eval(node_or_string)
Safely evaluate an expression node or a string containing a Python literal or container display. The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, and None.
This can be used for safely evaluating strings containing Python values from untrusted sources without the need to parse the values oneself. It is not capable of evaluating arbitrarily complex expressions, for example involving operators or indexing.
Changed in version 3.2: Now allows bytes and set literals.
總結(jié)
以上是生活随笔為你收集整理的python注入_Python如何考虑代码注入安全?的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: python3数据库表关联_Django
- 下一篇: python补课费用_学习python阶