
A layer of protection for Python's eval

Project description



Cval

A layer of protection for eval

Installation

I know many people don't care about the motives behind a program. I have put the installation at the top for this reason.

Unix and Mac

python3 -m pip install cval

Windows

py -m pip install cval

About

A decently simple script that uses regular expressions to add a layer of protection to eval. Why? Well, I keep seeing "eval really is dangerous" and "eval is a bad practice". All these statements have some validity to them, but there is almost always a better way to do what you want to accomplish. Cval tackles the "eval really is dangerous" mindset: if you must use eval for a public project, use cval.

Exploiting

I encourage you to break my script. Report even the smallest vulnerabilities in the issues, thanks!

Examples

These examples are focused purely on security rather than real-world practical examples.

Disable module importing

cval(source='__import__("os")', modules=False)

Output:
cval.IllegalSource: Cval panicked due to an illegal module import in source

Allow certain modules

cval(source='__import__("os")', modules=False, allowed_modules=["os"])

Disable function calls

cval(source='print("Hello, World!")', calls=False)

Output:
cval.IllegalSource: Cval panicked due to an illegal function call in source!

Allow certain function calls

cval(source='print("Hello, World!")', calls=False, allowed_calls=["print"])

Block global variables

password = "1234"

cval(source="password", globals=globals(), gscope=False)

Output:
cval.SuspiciousSource: Cval found global variable "password" in the source, killing for safety

Block local variables

password = "1234"

cval(source='password', locals=locals(), lscope=False)

Output:
Cval found local variable "password" in the source, killing for safety
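
The same kind of policy as the examples above (no calls unless allowlisted, no names unless allowlisted) can also be enforced on the parsed expression rather than on the source text. The following is an added example using Python's standard `ast` module, not cval's own code; `PolicyViolation`, `check_source`, `safe_eval`, `verdict` and `SAMPLES` are hypothetical names introduced here.

```python
import ast
import builtins

class PolicyViolation(ValueError):
    """Raised when an expression breaks the policy (hypothetical name)."""

def check_source(source, allowed_calls=(), allowed_names=()):
    """Parse source as one expression and reject nodes outside the policy."""
    tree = ast.parse(source, mode="eval")  # statements raise SyntaxError
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            # Accept only direct calls to an allowlisted plain name; calls
            # through attributes, subscripts or lambdas are refused.
            func = node.func
            if not (isinstance(func, ast.Name) and func.id in allowed_calls):
                raise PolicyViolation("illegal function call in source")
        elif isinstance(node, ast.Attribute):
            # Attribute access reaches object internals, so refuse it.
            raise PolicyViolation("illegal attribute access in source")
        elif isinstance(node, ast.Name):
            if node.id not in allowed_calls and node.id not in allowed_names:
                raise PolicyViolation(f"illegal name {node.id!r} in source")
    return tree

def safe_eval(source, allowed_calls=(), variables=None):
    """Evaluate source only after it passes check_source."""
    variables = dict(variables or {})
    tree = check_source(source, allowed_calls, allowed_names=variables)
    # The evaluation scope holds only allowlisted builtins and variables.
    allowed = {n: getattr(builtins, n) for n in allowed_calls if hasattr(builtins, n)}
    scope = {"__builtins__": allowed, **variables}
    return eval(compile(tree, "<expr>", "eval"), scope)

def verdict(source, **policy):
    """Return 'ok' or the violation message for one source string."""
    try:
        safe_eval(source, **policy)
    except PolicyViolation as exc:
        return str(exc)
    return "ok"

# Source strings taken from the examples above, plus one constructed expression.
SAMPLES = ['__import__("os")', 'print("Hello, World!")', "password", "1 + 2 * 3"]

if __name__ == "__main__":
    for src in SAMPLES:
        print(f"{src!r:28} -> {verdict(src)}")
```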

Download files


Source Distribution

cval-1.0.0.tar.gz (16.8 kB)

Uploaded Source

Built Distribution

cval-1.0.0-py3-none-any.whl (16.0 kB)

Uploaded Python 3
