Python etc / ast.literal_eval

Published: 25 August 2020, 18:00

ast.literal_eval is a restricted version of eval that evaluates only literals:

ast.literal_eval('[1, True, "three"]')
# [1, True, 'three']

# ValueError: malformed node or string: <_ast.BinOp object ...>

This can be used for safely evaluating strings containing Python values from untrusted sources. For example, to support types for environment variables. However, be aware that too large and complex string can crash the interpreter:

>>> import ast
>>> ast.literal_eval('1+1'*1000000)
[1]    32177 segmentation fault  python3