0

Is there a way to take python statements as a string, list or any other variable and then later execute them later as code (perhaps with delayed modifications)?

Simple example:

execution_statements = '''
print(a)
print(b)
print({})
'''.format(c)

while_loop = '''
while(condition==True):
    {}
    #execution statements
'''.format(execution_statements)

python.execute_as_code(while_loop)
Matthew Schinckel
  • 35,041
  • 6
  • 86
  • 121
Deepak
  • 653
  • 1
  • 7
  • 12
  • 3
    exec, eval and compile are your dangerous friends – dawg Sep 20 '17 at 01:39
  • why so? Can you elaborate? – Deepak Sep 20 '17 at 01:42
  • 3
    Using string manipulation to generate code lends itself to security vulnerabilities. There's a long history -- SQL injection vulnerabilities are an example; so are shell injection vulnerabilities; so are many other common attacks performed by attaching code to content intended to be interpreted as data in the JavaScript world. It's much safer to do dynamic programming at the AST level, not by working with text. – Charles Duffy Sep 20 '17 at 01:44
  • (that said, frankly, if you want to write nontrivial code-generating code, Python isn't a great choice -- you'll have a much easier time of it in a LISP, where the code you write is represented *literally the exact same way* as the AST data structures that code is parsed and executed with. See https://en.wikipedia.org/wiki/Homoiconicity). – Charles Duffy Sep 20 '17 at 01:46
  • Hmm! very interesting, I nearly went down the rabbit hole and read a bunch about this just now. However, most of the articles I read seem to suggest that LISP & its languages were popular but are losing their relevance now. Is there a move away from meta programming in recent times or perhaps a new paradigm has come to make it even more abstract? Also, if I want to play around with meta-programming, any suggestions on languages to pickup, something hopefully that's going to remain popular for a while and have good community support. Thanks! I'm new to the Programming world! – Deepak Sep 20 '17 at 02:18
  • I wouldn't agree with that assessment -- Common LISP, maybe, but not the family as a whole. Clojure is a JVM-based LISP with quite a lot of commercial uptake (my last several employers have used it in some capacity or another -- my current employer included; indeed, it was one of my coworkers who gave the opening presentation at the last Conj). – Charles Duffy Sep 20 '17 at 05:06
  • (And for both a bit of admitted advocacy and a more general -- and valuable -- argument around the pitfalls inherent in following the crowd, see Paul Graham's classic essay [Beating the Averages](http://www.paulgraham.com/avg.html)). – Charles Duffy Sep 20 '17 at 05:11

2 Answers2

1

Use exec built in function. This is a valid implementation:

c = '"test"'

execution_statements = '''
    print(1)
    print(2)
    print({})
'''.format(c)

while_loop = '''\
while (True):
    {}
    #execution statements
'''.format(execution_statements)

exec(while_loop)

Just take care where input comes from because this represents a flaw in security.

Clayton A. Alves
  • 388
  • 2
  • 10
1

You can use the exec statement, listed here in the documentation. However, you should never use exec. See here for why

rma
  • 1,853
  • 1
  • 22
  • 42