Evalidate is a Python module for safely eval()'uating user-supplied (possibly malicious) logical expressions in Python syntax.
Install: pip3 install evalidate
Usage:
from evalidate import safeeval, EvalException

src = "a+b"  # source code
# src = "__import__('os').system('clear')"
c = {'a': 1, 'b': 2}  # context: variables which will be available to the code

try:
    result = safeeval(src, c)
    print(result)
except EvalException as e:
    print("ERR:", e)
Gives output:
3
For dangerous code such as src="__import__('os').system('clear')"
the output will be: ERR: Operation type Call is not allowed
Evalidate can be easily configured to allow/restrict special function calls (e.g. allow int() function, but not os.system())
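To show what allowing int() but not os.system() means at the AST level, here is an added sketch using only the standard library. It is not evalidate's code or API; SAFE_NODES, NotAllowed, check_and_eval and allow_funcs are names assumed for this example.

```python
import ast
import builtins

# Assumed node allowlist for this sketch (not evalidate's defaults).
SAFE_NODES = {"Expression", "BinOp", "BoolOp", "UnaryOp", "Compare", "Name",
              "Load", "Constant", "Add", "Sub", "Mult", "USub", "And", "Or",
              "Not", "Eq", "NotEq", "Lt", "LtE", "Gt", "GtE"}


class NotAllowed(Exception):
    """Raised when the expression uses something outside the allowlists."""


def check_and_eval(src, context, allow_funcs=()):
    """Parse src, reject every AST node outside the allowlist, then evaluate."""
    tree = ast.parse(src, mode="eval")
    allowed = set(SAFE_NODES)
    if allow_funcs:
        allowed.add("Call")  # calls are opt-in, and only for named functions
    for node in ast.walk(tree):
        kind = type(node).__name__
        if kind not in allowed:
            raise NotAllowed(f"Operation type {kind} is not allowed")
        if isinstance(node, ast.Call):
            # Only a bare allowlisted name may be called: int(x) passes,
            # os.system(x) has an Attribute as its callee and is refused.
            func = node.func
            if not (isinstance(func, ast.Name) and func.id in allow_funcs):
                raise NotAllowed("Call to this function is not allowed")
    # Builtins are emptied; only the allowlisted functions are put back.
    env = {"__builtins__": {}}
    env.update({name: getattr(builtins, name) for name in allow_funcs})
    return eval(compile(tree, "<expr>", "eval"), env, dict(context))


if __name__ == "__main__":
    print(check_and_eval("a+b", {"a": 1, "b": 2}))
    print(check_and_eval("int(a)+b", {"a": "1", "b": 2}, allow_funcs=("int",)))
    for bad in ("__import__('os').system('clear')", "().__class__"):
        try:
            check_and_eval(bad, {}, allow_funcs=("int",))
        except NotAllowed as e:
            print("ERR:", e)
```

Validation happens on the parsed tree before anything is compiled or run, so a rejected expression never executes.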
Compared to asteval (which actually has many more features), evalidate is much faster in my benchmarks (benchmark code in repo): 0.017s vs 1.232s
Git repo: https://github.com/yaroslaff/evalidate