Skip to content

gh-141778: add missing validation in ast.literal_eval() for non-string input#142969

Draft
skirpichev wants to merge 7 commits into
python:mainfrom
skirpichev:validation-of-Constants/141778
Draft

gh-141778: add missing validation in ast.literal_eval() for non-string input#142969
skirpichev wants to merge 7 commits into
python:mainfrom
skirpichev:validation-of-Constants/141778

Conversation

@skirpichev
Copy link
Copy Markdown
Member

@skirpichev skirpichev commented Dec 19, 2025
edited
Loading

This also changes parsing of the private __text_signature__ attribute by inspect.signature(). Now we accept here only types, valid for ast.Constant().

@skirpichev
pythongh-141778: add missing validation in ast.literal_eval() for non…
7c90e20 
…-string input

This also changes parsing of the private `__text_signature__` attribute
by inspect.signature().  Now we accept here only types, valid for
ast.Constant().
@bedevere-app bedevere-app Bot mentioned this pull request Dec 19, 2025
Open
JelleZijlstra
JelleZijlstra reviewed Dec 22, 2025
View reviewed changes
Comment thread Lib/ast.py
_type_Ellipsis = type(...)


def _convert_literal(node, omit_validation=False):
Copy link
Copy Markdown
Member

@JelleZijlstra JelleZijlstra Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this change? It may make life harder for some users.

Copy link
Copy Markdown
Member Author

@skirpichev skirpichev Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you be more precise, any example?

We need this, because literal_eval() accepts invalid AST for non-string input. Per documentation:

The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, None and Ellipsis.

@skirpichev skirpichev closed this Dec 25, 2025
@skirpichev skirpichev deleted the validation-of-Constants/141778 branch December 25, 2025 21:29
@skirpichev skirpichev restored the validation-of-Constants/141778 branch May 23, 2026 08:18
@skirpichev skirpichev reopened this May 23, 2026
@skirpichev skirpichev marked this pull request as draft May 23, 2026 08:18
@skirpichev skirpichev self-assigned this May 23, 2026
@read-the-docs-community
Copy link
Copy Markdown

read-the-docs-community Bot commented May 23, 2026

Documentation build overview

📚 cpython-previews | 🛠️ Build #32820467 | 📁 Comparing 7c90e20 against main (a7d5a6c)

  🔍 Preview build  

439 files changed · ± 422 modified · - 17 deleted

± Modified

- Deleted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JelleZijlstra JelleZijlstra JelleZijlstra left review comments

@Eclips4 Eclips4 Awaiting requested review from Eclips4 Eclips4 is a code owner

@tomasr8 tomasr8 Awaiting requested review from tomasr8 tomasr8 is a code owner

@isidentical isidentical Awaiting requested review from isidentical isidentical is a code owner

Assignees

@skirpichev skirpichev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skirpichev @JelleZijlstra