Re: [jokosher-devel] Jokosher Security Vulnerability



On Wednesday 27 September 2006 11:52, Nick Murtagh wrote:
>
> exec is yucky.
>

absolutely

> Why not replace
>
>     exec("target_object.%s"%func)
>
> with
>
>     getattr(target_object, func)()
>
>
> There should probably be a try except around that in case target_object
> is None or func isn't a method of target_object.

I like the sound of using getattr or possibly hasattr as a way of guaranteeing 
what's there is valid. I think we are also passing parameters through func 
which complicates things a bit but that's probably just a bit of parsing.
-- 
John Green

john thegreens co uk
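
The getattr-based dispatch suggested in this thread, together with the parameter parsing John mentions, as an added example that is not Jokosher's code (written for Python 3). The `Transport` class, the handler names and the `ALLOWED` set are assumptions, as is the idea that func arrives as a string such as `OnSeek(12.5, relative=True)`.

```python
import ast

class Transport:                      # hypothetical stand-in for target_object
    def __init__(self):
        self.log = []
    def OnPlay(self):
        self.log.append("play")
        return "playing"
    def OnSeek(self, position, relative=False):
        self.log.append(("seek", position, relative))
        return position

# Assumption: the handlers the application means to expose by name.
ALLOWED = {"OnPlay", "OnSeek"}

def parse_call(func):
    """Split 'Name(args)' into (name, args, kwargs) without running any code."""
    try:
        node = ast.parse(func.strip(), mode="eval").body
    except SyntaxError as exc:
        raise ValueError("unparseable call: %r" % func) from exc
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
        raise ValueError("not a simple call: %r" % func)
    if any(k.arg is None for k in node.keywords):
        raise ValueError("**kwargs not accepted: %r" % func)
    # literal_eval accepts numbers, strings, tuples, lists, dicts, booleans
    # and None; names, calls and attribute access raise ValueError.
    args = [ast.literal_eval(a) for a in node.args]
    kwargs = {k.arg: ast.literal_eval(k.value) for k in node.keywords}
    return node.func.id, args, kwargs

def dispatch(target_object, func):
    """Call an allowed handler on target_object; ValueError on anything else."""
    name, args, kwargs = parse_call(func)
    if name not in ALLOWED:
        raise ValueError("handler not allowed: %r" % name)
    # The default of None also covers target_object being None.
    method = getattr(target_object, name, None)
    if not callable(method):
        raise ValueError("no such handler: %r" % name)
    return method(*args, **kwargs)

if __name__ == "__main__":
    t = Transport()
    print(dispatch(t, "OnPlay()"))                     # constructed inputs
    print(dispatch(t, "OnSeek(12.5, relative=True)"))
```
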


