A layer of protection for Python's eval
Project description
About
A decently simple script that uses regular expressions to add a layer of protection to eval. Why? Well, I keep seeing "eval really is dangerous" and "eval is a bad practice". All these statements have some validity to them, but there is almost always a better way to do what you want to accomplish. Cval tackles the "eval really is dangerous" mindset: if you must use eval for a public project, use cval.
Exploiting
I encourage you to break my script, report even the smallest vulnerabilities in the issues, thanks!
Examples
These examples are focused purely on security rather than real-world practical examples.
Disable module importing
cval(source='__import__("os")', modules=False)
Allow certain modules
cval(source='__import__("os")', modules=False, allowed_modules=["os"])
Disable function calls
cval(source=input(), calls=False)
Allow certain function calls
cval(source='print("Hello, World!")', calls=False, allowed_calls=["print"])
Block global variables
cval(source=input(), globals=globals(), gscope=False)
Block local variables
cval(source=input(), locals=locals(), lscope=False)
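The module and call policies shown above can also be checked on the parsed syntax tree instead of on the source text. This is an added example, not cval's code or its implementation: `check_expression` and `guarded_eval` are hypothetical names, and the keyword names are borrowed from the examples above with semantics assumed here.

```python
import ast

def check_expression(source, calls=True, allowed_calls=(),
                     modules=True, allowed_modules=()):
    """Return the policy violations found in a Python expression."""
    violations = []
    # mode="eval" accepts a single expression only; statements raise SyntaxError.
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        # Only a plain name such as print(...) can be matched against a list.
        name = node.func.id if isinstance(node.func, ast.Name) else None
        if name == "__import__":
            if modules:
                continue
            arg = node.args[0] if node.args else None
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            module = arg.value if literal else None
            # A module name that is not a string literal cannot be vetted.
            if module not in allowed_modules:
                violations.append(f"import of {module or '<dynamic>'} is not allowed")
        elif not calls and name not in allowed_calls:
            violations.append(f"call to {name or '<expression>'} is not allowed")
    return violations

def guarded_eval(source, **policy):
    """Evaluate source only when check_expression reports no violations."""
    violations = check_expression(source, **policy)
    if violations:
        raise ValueError("; ".join(violations))
    return eval(compile(ast.parse(source, mode="eval"), "<guarded>", "eval"))

if __name__ == "__main__":
    # Constructed sample inputs mirroring the examples on this page.
    samples = [
        ('__import__("os")', {"modules": False}),
        ('__import__("os")', {"modules": False, "allowed_modules": ["os"]}),
        ('print(len("abc"))', {"calls": False, "allowed_calls": ["print"]}),
    ]
    for src, policy in samples:
        print(src, "->", check_expression(src, **policy))
```

Calls made through an attribute or a subscript have no plain name, so with `calls=False` they are rejected even when `allowed_calls` is non-empty.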
Download files
Source Distribution: cval-0.1.1.tar.gz (16.6 kB)
Built Distribution: cval-0.1.1-py3-none-any.whl (15.8 kB)