secure validation and evaluation of user-suppied python expressions
Project description
Usual python eval() function is very flexible, but very insecure, allowing user to supply malicious code like os.system(‘clear’) or worse.
(for example: http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html )
evalidate module allows to easily pre-compile user-supplied python expressions to AST-tree and validate it (or indicate problem with expression), so only safe expressions will be evaluated.
Whitelist of allowed operations could be supplied by programmer as arguments to functions.
Using it could be as simple as:
import evalidate src="a<b" # source code c={'a': 1, 'b': 2} # context, variables which will be available for code success,result = evalidate.safeeval(src,c)
Read more on readthedocs project page.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.