
A layer of protection for Python's eval

Project description



Cval

A layer of protection for eval

About

A decently simple script that uses regular expressions to add a layer of protection to eval. Why? Well, I keep seeing "eval really is dangerous" and "eval is a bad practice". All these statements have some validity to them, but there is almost always a better way to do what you want to accomplish. Cval tackles the "eval really is dangerous" mindset: if you must use eval for a public project, use cval.

Exploiting

I encourage you to break my script. Report even the smallest vulnerabilities in the issues, thanks!

Examples

These examples are focused purely on security rather than real-world practical examples.

Disable module importing:
    cval(source='__import__("os")', modules=False)

Allow certain modules:
    cval(source='__import__("os")', modules=False, allowed_modules=["os"])

Disable function calls:
    cval(source=input(), calls=False)

Allow certain function calls:
    cval(source='print("Hello, World!")', calls=False, allowed_calls=["print"])

Block global variables:
    cval(source=input(), globals=globals(), gscope=False)

Block local variables:
    cval(source=input(), locals=locals(), lscope=False)
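
The policy these options describe (no imports, no calls except allowlisted ones, no access to the surrounding scope) can also be enforced on the parsed expression instead of on the source text. The following is an added example, not cval's code: it uses Python's ast module rather than regular expressions, and the names check_source, guarded_eval and PolicyError are hypothetical.

```python
import ast

# Node types accepted by the checker. Everything else (Attribute, Subscript,
# Lambda, comprehensions, keyword/starred arguments, ...) is rejected.
_ALLOWED_NODES = (
    ast.Expression, ast.Constant, ast.Name, ast.Load, ast.Call,
    ast.BinOp, ast.UnaryOp, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub,
    ast.List, ast.Tuple,
)


class PolicyError(ValueError):
    """The expression uses something outside the allowlist."""


def check_source(source, allowed_calls, allowed_names):
    """Parse `source` as a single expression and enforce the allowlist."""
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise PolicyError(f"{type(node).__name__} is not allowed")
        if isinstance(node, ast.Call):
            # Only direct calls to an allowlisted bare name, e.g. abs(...).
            if not (isinstance(node.func, ast.Name) and node.func.id in allowed_calls):
                raise PolicyError("call target is not allowlisted")
        elif isinstance(node, ast.Name):
            if node.id not in allowed_calls and node.id not in allowed_names:
                raise PolicyError(f"name {node.id!r} is not allowed")
    return tree


def guarded_eval(source, calls=None, variables=None):
    """Evaluate `source` with only the given callables and variables visible."""
    calls, variables = dict(calls or {}), dict(variables or {})
    tree = check_source(source, calls.keys(), variables.keys())
    # Empty __builtins__: only the passed-in callables and variables resolve.
    env = {"__builtins__": {}, **calls, **variables}
    return eval(compile(tree, "<guarded>", "eval"), env, {})


if __name__ == "__main__":
    # Constructed inputs; two of them reuse the strings from the examples above.
    print(guarded_eval("abs(x - 10) * 2", calls={"abs": abs}, variables={"x": 3}))
    for src in ('__import__("os")', 'print("Hello, World!")', "x.real"):
        try:
            guarded_eval(src, variables={"x": 3})
        except PolicyError as exc:
            print(f"rejected {src!r}: {exc}")
```

An allowlist like this limits what the expression can name and call; it does not bound the CPU or memory used by the operations it allows.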

Download files

Source Distribution

cval-0.1.1.tar.gz (16.6 kB)

Uploaded Source

Built Distribution

cval-0.1.1-py3-none-any.whl (15.8 kB)

Uploaded Python 3
