DEV Community

Cover image for Using Literal Eval for String-to-Object Conversion in Python
Michell Stuttgart
Michell Stuttgart

Posted on

Using Literal Eval for String-to-Object Conversion in Python

#python #programming #beginners #tutorial

literal_eval is an interesting function from Python's built-in library ast. This function evaluates a string representation of any Python expression and executes it.

Prerequisites

  • Basic knowledge of Python
  • Python version: 3.10

Examples

For example, let's convert the string "True" to the boolean value True:

import ast
value = ast.literal_eval('True')

print(value) # output: True
print(type(value)) # output: <type 'bool'>
Enter fullscreen mode Exit fullscreen mode

This command can also handle more complex instructions, like list:

import ast

value = ast.literal_eval("[1, 2, 3]")

print(value) # output: [1, 2, 3]
print(type(value)) # output: <type 'list'>
Enter fullscreen mode Exit fullscreen mode

and dict:

import ast

value = ast.literal_eval("{'a': 1, 'b': 1, 'c': 42}")

print(value) # output: {'a': 1, 'b': 1, 'c': 42}
print(type(value)) # output: <type 'dict'>
Enter fullscreen mode Exit fullscreen mode

Differences between eval and literal_eval

The literal_eval function is similar to the well-known eval command, but it only accepts a limited set of Python structures: strings, numbers, dictionaries, lists, tuples, boolean values (True or False), or None.

The eval command is more powerful, but it can be dangerous if you don't control the strings it processes. For example, running the command eval('rm -rf /') on a Linux system (please, DO NOT run this command) would delete all files from the root of the operating system. However, if you pass the same string to the literal_eval function, it will perform a security check before executing it and will raise a ValueError exception.

>>> ast.literal_eval("__import__('os').system('rm -rf /')")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.5/ast.py", line 84, in literal_eval
    return _convert(node_or_string)
  File "/usr/lib/python3.5/ast.py", line 83, in _convert
    raise ValueError('malformed node or string: ' + repr(node))
ValueError: malformed node or string: <_ast.Call object at 0x7f120ed568d0>
Enter fullscreen mode Exit fullscreen mode

Conclusion

Despite the limitations on the types of structures accepted by literal_eval (which is not really an issue), it is recommended to use literal_eval instead of eval. The function's validation before executing an instruction can prevent many problems (as shown in the example above) and gives us better control over the code, as we know the types of structures it accepts as parameters.

References

ast - Abstract Syntax Trees — Python 3.10.15 documentation. https://docs.python.org/3.10/library/ast.html.

Top comments (0)

Read next

whiskeygerman profile image

Web canvas with generative neural networks with elements of visual programming.

German Whiskey -

visdom_04_88f1c6e8a47fe74 profile image

Agentic Mesh: Pioneering the Future of Autonomous Agent Ecosystems

VISDOM 04 -

lightningchart profile image

LightningChart Python 1.0

Omar Urbano | LightningChart -

lakshmi_prithanadesan_32 profile image

Full Stack Python Developer - Day 1

Lakshmi Pritha Nadesan -