Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpo-40355: ast.literal_eval rejects malformed Dict nodes #19868

Merged
merged 5 commits into from
May 5, 2020
Merged

bpo-40355: ast.literal_eval rejects malformed Dict nodes #19868

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
36eb5b8
Fix literal_eval and add tests
curtisbucher May 2, 2020
2c72460
Update ast.py
curtisbucher May 3, 2020
3e68c2e
Update Misc/NEWS.d/next/Library/2020-05-02-14-24-48.bpo-40355.xTujaB.rst
curtisbucher May 5, 2020
2427ed2
Update ast.py and test_ast.py
curtisbucher May 5, 2020
bc9274f
Merge branch 'astliteraleval' of https://github.com/curtisbucher/cpyt…
curtisbucher May 5, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion Lib/ast.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,11 +62,13 @@ def literal_eval(node_or_string):
node_or_string = parse(node_or_string, mode='eval')
if isinstance(node_or_string, Expression):
node_or_string = node_or_string.body
def _malformed(node):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, call this function with a verb, not a noun. Finding malformed in the middle of the code is a bit surprising compared with report_malformed_node or raise_malformed_exception or something similar.

raise ValueError(f'malformed node or string: {node!r}')
def _convert_num(node):
if isinstance(node, Constant):
if type(node.value) in (int, float, complex):
return node.value
raise ValueError('malformed node or string: ' + repr(node))
_malformed(node)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: I suppose at this point we can invert the check to make the intent a bit more clear:

        if not isinstance(node, Constant) or type(node.value) not in (int, float, complex):
            _raise_malformed_node(node)
        return node.value

def _convert_signed_num(node):
if isinstance(node, UnaryOp) and isinstance(node.op, (UAdd, USub)):
operand = _convert_num(node.operand)
Expand All @@ -88,6 +90,8 @@ def _convert(node):
node.func.id == 'set' and node.args == node.keywords == []):
return set()
elif isinstance(node, Dict):
if len(node.keys) != len(node.values):
_malformed(node)
return dict(zip(map(_convert, node.keys),
map(_convert, node.values)))
elif isinstance(node, BinOp) and isinstance(node.op, (Add, Sub)):
Expand Down
6 changes: 6 additions & 0 deletions Lib/test/test_ast.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -965,6 +965,12 @@ def test_literal_eval_complex(self):
self.assertRaises(ValueError, ast.literal_eval, '3+(0+6j)')
self.assertRaises(ValueError, ast.literal_eval, '-(3+6j)')

def test_literal_eval_malformed(self):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find this name is too generic. Maybe test_literal_eval_malformed_dict_nodes ?

malformed = ast.Dict(keys=[ast.Constant(1), ast.Constant(2)], values=[ast.Constant(3)])
self.assertRaises(ValueError, ast.literal_eval, malformed)
malformed = ast.Dict(keys=[ast.Constant(1)], values=[ast.Constant(2), ast.Constant(3)])
self.assertRaises(ValueError, ast.literal_eval, malformed)

def test_bad_integer(self):
# issue13436: Bad error message with invalid numeric values
body = [ast.ImportFrom(module='time',
Expand Down
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Library/2020-05-02-14-24-48.bpo-40355.xTujaB.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Fixed case where malformed :class:`ast.Dict` nodes could have keys or values
thrown away by :func:`ast.literal_eval`. Patch by Curtis Bucher.
curtisbucher marked this conversation as resolved.
Show resolved Hide resolved