New Keyword - Raw

sandraC · March 29, 2022, 4:47pm

Hello everyone.
I want to learn if there is a direct way of changing strings into “source-text” -unquoted text in python files-. If not -I suppose so-, that would probably be good to add a new keyword, maybe raw. That will say Python interpreter to execute the string -which comes after this keyword- as source text. Not as a string.

I -there may also be others- sometimes really need to change strings into source text for some reason. I have listed some of my basic reasons below:

(main reason) To put an input(not just user-input) directly inside the code
To create custom-named variables/functions/classes
To add code into a running module(not permanently)

I want to give an example about it:

module_name = input("Enter a module name to import: ")
func_name = input(f"Enter a function name exists in {module_name}: ")
args = input("Enter some arguments to pass to the function: ")
import raw module_name
func_call = module_name+"."+func_name+"("+args+")"
print("Result of the process: ", raw func_call)

As a sample usage of this simple code, I prepared this for you to have a look at:

Enter a module name to import: re
Enter a function name exists in re: findall
Enter some arguments to pass to the function: "dolor","Lorem ipsum dolor sit amet..."
Result of the process:  ['dolor']

.
.
One more example:

new_line = input("Please enter a code line: ")
raw new_line

Sample about its usage:

Please enter a code line: print("Hello World!")
Hello World!

.
.
I don’t think that we are able to do such kind of things currently.(If we are, please let me know about it ). This keyword may bring a bit more ease to Python and I hope you will take this post in account. Thanks for reading.

adang1345 · March 29, 2022, 4:51pm

You can use eval() or exec().

https://docs.python.org/3/library/functions.html#eval
https://docs.python.org/3/library/functions.html#exec

sandraC · March 29, 2022, 4:58pm

I was looking for a way to do this kind of stuff for several days-couldn’t find anything probably because of the words I use as search term-. Thank you for your valuable respond. Then, I am changing the tag as Users -that makes more sense in this case.

CAM-Gerlach · March 30, 2022, 2:21am

Just to note, while okay for toy examples, you generally want to avoid literal interpretation of user input as code at all costs (i.e. eval/exec), because it can open the door for all kinds of security and stability issues (even unintentional on the part of the user). This is how a lot of security vulnerabilities arise, and can also lead to all kinds of issues with your code and destructive actions on user systems. For example, a user could enter shutil, rmtree and "/" to delete the system’s entire boot disk.

But it goes well beyond this—suppose you just have the user pass arguments to some pre-set function—that seems safe, right? Well, if you eval() it from a “raw string” you construct rather than actually parsing the arguments and passing them to the function normally, if you aren’t extremely careful to sanitize everything, the user can easily “escape” the context of the function and run their own arbitrary code. For example, say you have a function print that you want to let users pass arguments to, so you do:

print_args = input("What do you want to print? ")
code_to_run = f"print({print_args})"
eval(code_to_run)

If the user enters, say "Hello world!" or "Spam", "Spam", "Eggs", "Spam" all is well. But if they enter ); import shutil; shutil.rmtree("/"…well, you’ve just got Little Bobby Tables.

There are usually better strategies to achieve whatever you want without this. In the above (contrived) example, the user can pass comma-separated strings and then you can unpack them into print():

print_args_raw = "Spam, Spam, Eggs, Spam"  # Example user input
print_args = [arg.strip() for arg in print_args_raw.split(",")])
print(*print_args)

More relevantly, in your example, you can use getattr() to get func_name from module_name, then, say, feed your function a list or dict of parse arguments. So instead of

you could do

func_call = getattr(globals()[module_name], func_name)(*parsed_args)

sandraC · March 30, 2022, 5:42am

Thank you for your great explanations. Safety may be a problem, yes. But,I think, it is always there if you have a computer.
By the way, I am aware of the external-they are also built-in- import methods. But I just wanted to learn-and learnt- if there is a general way to do this kind of things.Thanks again.