kwcoco.util.util_eval module

Defines a safer eval function

exception kwcoco.util.util_eval.RestrictedSyntaxError

Bases: Exception

An exception raised by restricted_eval if a disallowed expression is given

kwcoco.util.util_eval.restricted_eval(expr, max_chars=32, local_dict=None, builtins_passlist=None)

A restricted form of Python’s eval that is meant to be slightly safer

Parameters:
  • expr (str) – the expression to evaluate

  • max_chars (int) – expression cannot be more than this many characters

  • local_dict (Dict[str, Any]) – a dictionary of variables allowed to be used

  • builtins_passlist (List[str] | None) – if specified, only allow use of certain builtins

References

https://realpython.com/python-eval-function/#minimizing-the-security-issues-of-eval

Notes

This function may not be safe, but it has as many mitigation measures as I know about. This function should be audited and possibly made even more restricted. The idea is that this should just be used to evaluate numeric expressions.

Example

>>> from kwcoco.util.util_eval import *  # NOQA
>>> builtins_passlist = ['min', 'max', 'round', 'sum']
>>> local_dict = {}
>>> max_chars = 32
>>> expr = 'max(3 + 2, 9)'
>>> result = restricted_eval(expr, max_chars, local_dict, builtins_passlist)
>>> expr = '3 + 2'
>>> result = restricted_eval(expr, max_chars, local_dict, builtins_passlist)
>>> expr = '3 + 2'
>>> result = restricted_eval(expr, max_chars)
>>> import pytest
>>> with pytest.raises(RestrictedSyntaxError):
>>>     expr = 'max(a + 2, 3)'
>>>     result = restricted_eval(expr, max_chars, dict(a=3))
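
The Notes above say the function could be made even more restricted for purely numeric use. One way to do that, shown as an added sketch that is not kwcoco's implementation, is to walk the expression's AST against an allowlist instead of calling eval. The names numeric_eval and NumericExprError are hypothetical; the parameters mirror the restricted_eval signature.

```python
import ast
import builtins
import operator


class NumericExprError(Exception):
    """Raised when the expression uses anything outside the allowlist."""


# Only these operators are interpreted. Power (**) is left out on purpose:
# a short string such as 9**9**9 can exhaust CPU and memory.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv,
           ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def numeric_eval(expr, max_chars=32, local_dict=None, builtins_passlist=None):
    """Evaluate a numeric expression by walking its AST; eval is never called."""
    if len(expr) > max_chars:  # the cap also bounds nesting depth below
        raise NumericExprError('expression is too long')
    names = dict(local_dict or {})
    funcs = {k: getattr(builtins, k) for k in (builtins_passlist or [])}
    try:
        tree = ast.parse(expr, mode='eval')
    except (SyntaxError, ValueError) as ex:
        raise NumericExprError(str(ex))

    def visit(node):
        # Every node type not matched here (attribute access, subscripts,
        # lambdas, comprehensions, strings, ...) falls through to the raise.
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.Name) and node.id in names:
            return names[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](visit(node.left), visit(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](visit(node.operand))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in funcs and not node.keywords):
            return funcs[node.func.id](*[visit(a) for a in node.args])
        raise NumericExprError('disallowed syntax: ' + type(node).__name__)

    return visit(tree.body)
```

Because the walker interprets only the node types it lists, new Python syntax is rejected by default rather than needing to be blocked explicitly.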