Re: [jokosher-devel] Jokosher Security Vulnerability

From: John Green <john thegreens co uk>
To: jokosher-devel-list gnome org
Subject: Re: [jokosher-devel] Jokosher Security Vulnerability
Date: Wed, 27 Sep 2006 12:18:21 +0100

On Wednesday 27 September 2006 11:52, Nick Murtagh wrote:
>
> exec is yucky.
>

absolutely

> Why not replace
>
>     exec("target_object.%s"%func)
>
> with
>
>     getattr(target_object, func)()
>
>
> There should probably be a try except around that in case target_object
> is None or func isn't a method or target_object.

I like the sound of using getattr or possibly hasattr as a way of guaranteeing 
what's there is valid. I think we are also passing parameters through func 
which complicates things a bit but that's probably just a bit of parsing.
-- 
John Green

john thegreens co uk

Follow-Ups:
- Re: [jokosher-devel] Jokosher Security Vulnerability
  - From: Laszlo Pandy

References:
- [jokosher-devel] Jokosher Security Vulnerability
  - From: Laszlo Pandy
- Re: [jokosher-devel] Jokosher Security Vulnerability
  - From: John Green
- Re: [jokosher-devel] Jokosher Security Vulnerability
  - From: Nick Murtagh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]