Michell Stuttgart

Using Literal Eval for String-to-Object Conversion in Python

literal_eval is an interesting function from ast, a module in Python's standard library. It takes a string containing a Python literal (or a container of literals) and returns the corresponding Python object.

Prerequisites

  • Basic knowledge of Python
  • Python version: 3.10

Examples

For example, let's convert the string "True" to the boolean value True:

import ast
value = ast.literal_eval('True')

print(value) # output: True
print(type(value)) # output: <class 'bool'>

This function can also handle more complex structures, such as a list:

import ast

value = ast.literal_eval("[1, 2, 3]")

print(value) # output: [1, 2, 3]
print(type(value)) # output: <class 'list'>

and dict:

import ast

value = ast.literal_eval("{'a': 1, 'b': 1, 'c': 42}")

print(value) # output: {'a': 1, 'b': 1, 'c': 42}
print(type(value)) # output: <class 'dict'>

Differences between eval and literal_eval

The literal_eval function is similar to the well-known eval function, but it only accepts a limited set of Python structures: strings, numbers, dictionaries, lists, tuples, boolean values (True or False), or None.

The eval function is more powerful, but it is dangerous if you don't control the strings it processes. For example, running eval("__import__('os').system('rm -rf /')") on a Linux system (please, DO NOT run this command) would delete all files from the root of the operating system. If you pass the same string to literal_eval, however, it parses the string, finds a node that is not a literal (here, a function call) and raises a ValueError exception without executing anything.

>>> ast.literal_eval("__import__('os').system('rm -rf /')")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.5/ast.py", line 84, in literal_eval
    return _convert(node_or_string)
  File "/usr/lib/python3.5/ast.py", line 83, in _convert
    raise ValueError('malformed node or string: ' + repr(node))
ValueError: malformed node or string: <_ast.Call object at 0x7f120ed568d0>
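
The difference described above, as an added example that is not part of the original post: eval runs a call hidden inside a list display, while literal_eval rejects it without running it. The names marker, was_executed, parse_literal and UnsafeLiteral, and the MAX_LEN cap, are assumptions made for this illustration; the length cap and type check go beyond what the post covers.

```python
import ast

MAX_LEN = 10_000  # assumed cap on untrusted input size (illustrative value)
calls = []        # records side effects so we can tell whether code ran


class UnsafeLiteral(Exception):
    """The input was rejected instead of being evaluated."""


def marker():
    """Harmless stand-in for a dangerous call such as os.system()."""
    calls.append("ran")
    return 1


def was_executed(evaluator, text):
    """Return True if evaluating `text` with `evaluator` invoked marker()."""
    calls.clear()
    try:
        evaluator(text)
    except Exception:
        pass  # only the side effect matters here
    return bool(calls)


def parse_literal(text, expected_type, max_len=MAX_LEN):
    """Parse untrusted text as a literal of expected_type or raise UnsafeLiteral."""
    if len(text) > max_len:
        raise UnsafeLiteral("input too long")
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        # ValueError: valid Python but not a literal (call, name, attribute)
        # SyntaxError: not Python at all, e.g. a shell command
        raise UnsafeLiteral(f"rejected ({type(exc).__name__})") from exc
    if not isinstance(value, expected_type):
        raise UnsafeLiteral(f"expected {expected_type.__name__}")
    return value


PAYLOAD = "[marker()]"  # constructed input: a list display hiding a call

if __name__ == "__main__":
    print("eval ran the call:        ", was_executed(eval, PAYLOAD))
    print("literal_eval ran the call:", was_executed(ast.literal_eval, PAYLOAD))
    print(parse_literal("{'a': 1, 'b': 1, 'c': 42}", dict))
```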

Conclusion

Despite the limitations on the types of structures accepted by literal_eval (which is not really an issue), it is recommended to use literal_eval instead of eval. Because the function validates the parsed input instead of executing it, it can prevent many problems (as shown in the example above) and gives us better control over the code, as we know the types of structures it accepts as parameters.

References

ast - Abstract Syntax Trees — Python 3.10.15 documentation. https://docs.python.org/3.10/library/ast.html.