0

I want to do following. Script has some python code as a string (saved in a variable) and is it possible to run that code ?

Well, I know one way, writing that string to a file & running it, but I don't want that. Without creating any extra file, is it possible to run it ?

Here is a example :

let's assume my python file has following content 

#this is a main python file
content = ''' print 'hello!'
                   print 'this is from sub python code' '''
print 'from main python'

The content string has a python code & I want to run it. Is it possible ?

Hope I am clear. Thank you !

Blender
  • 289,723
  • 53
  • 439
  • 496
avi
  • 9,292
  • 11
  • 47
  • 84
  • @Blender - Thank you editing. I posted this from a mobile & before I could realize, you had it edited. :) – avi Jan 19 '13 at 04:20
  • 2
    Can you tell us why there's a string with code in it? Why not just change the string to be a function? If it's data you read from somewhere else, you are opening yourself to a world of hurt if you don't trust the source. – Ned Batchelder Jan 19 '13 at 04:21
  • @Ned Batchelder - Oops, I didn't get that idea. But how do I change string to a function, without writing to a another file ? I am not reading data from any untrusted source. I am just experimenting. And thanks for the warning, I will be careful. – avi Jan 19 '13 at 04:27
  • @AshRj - Yup, that's the one ! Will check out – avi Jan 19 '13 at 04:28

4 Answers4

2

I'll say this up front: This is a terrible idea, and depending on the source of the string a serious security risk.

That disclaimer out of the way, python has an exec function that executes a string containing python code. For example:

exec("print 2+2")

Edit: I originally used eval in my answer, which is useful for evaluating individual expressions, while exec can be used for more general execution of arbitrary python code in a string.

Relevant docs:

http://docs.python.org/2/reference/simple_stmts.html#exec

http://docs.python.org/2/library/functions.html#eval

  • I am not reading data from any untrusted source. I am just experimenting. And thanks for the warning, I will be careful. Can eval run full python code ? with import libraries & stuff ? Thanks for replying ! – avi Jan 19 '13 at 04:28
  • So I actually was a little rusty on the exact mechanics of eval, and exec would be more appropriate for that sort of thing. I'll edit my answer to clarify. –  Jan 19 '13 at 04:44
  • Okay, turns eval doesn't work out for statements & its only for expressions. – avi Jan 19 '13 at 04:51
0

Well you could use eval:

eval(content)

And that will do what you want, however it's not recommended, especially if someone else controls the content of content - it's not too hard to hack into your system if you have eval

Volatility
  • 31,232
  • 10
  • 80
  • 89
  • I am not reading data from any untrusted source. I am just experimenting. And thanks for the warning, I will be careful. Thank you for replying ! – avi Jan 19 '13 at 04:29
0

Did you tried with exec method as per documentation that should do

exec "print 'Hello, World!'"

sumeet kumar
  • 2,628
  • 1
  • 16
  • 24
0

Depending on the code you are trying to execute, you may use eval() or exec. There are several differences between these two options:

  1. eval() does what it should: it evaluates an expression and returns a value, not executes code. That means you may call functions, do some arithmetic, even use list comprehensions, generators or lambdas, but not execute python statements that aren't expressions (e.g. if, for, print in Python 2; however, in Python 3 print is a function and is ok).
  2. eval() accepts more parameters than just a string. It gets locals and globals, two dictionaries, defining the scope environment. You may make evaluation nearly (though not really) safe for untrusted strings if you fill and pass these dictionaries to eval(). Probably, you may even redefine builtins by properly setting __builtins__ in globals. http://docs.python.org/2/library/functions.html#eval
  3. exec also accepts globals and locals. See http://docs.python.org/2/reference/simple_stmts.html#exec . And it may execute everything. And it is virtually impossible to make it even relatively safe.
Ellioh
  • 5,162
  • 2
  • 20
  • 33