|
|
|
@ -41,6 +41,13 @@ def safe_eval(expr, locals={}, include_exceptions=False):
|
|
|
|
http://stackoverflow.com/questions/12523516/using-ast-and-whitelists-to-make-pythons-eval-safe
|
|
|
|
http://stackoverflow.com/questions/12523516/using-ast-and-whitelists-to-make-pythons-eval-safe
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# define certain JSON types
|
|
|
|
|
|
|
|
# eg. JSON booleans are unknown to python eval()
|
|
|
|
|
|
|
|
JSON_TYPES = {
|
|
|
|
|
|
|
|
'false': False,
|
|
|
|
|
|
|
|
'true': True,
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# this is the whitelist of AST nodes we are going to
|
|
|
|
# this is the whitelist of AST nodes we are going to
|
|
|
|
# allow in the evaluation. Any node type other than
|
|
|
|
# allow in the evaluation. Any node type other than
|
|
|
|
# those listed here will raise an exception in our custom
|
|
|
|
# those listed here will raise an exception in our custom
|
|
|
|
@ -116,7 +123,7 @@ def safe_eval(expr, locals={}, include_exceptions=False):
|
|
|
|
parsed_tree = ast.parse(expr, mode='eval')
|
|
|
|
parsed_tree = ast.parse(expr, mode='eval')
|
|
|
|
cnv.visit(parsed_tree)
|
|
|
|
cnv.visit(parsed_tree)
|
|
|
|
compiled = compile(parsed_tree, expr, 'eval')
|
|
|
|
compiled = compile(parsed_tree, expr, 'eval')
|
|
|
|
result = eval(compiled, {}, dict(locals))
|
|
|
|
result = eval(compiled, JSON_TYPES, dict(locals))
|
|
|
|
|
|
|
|
|
|
|
|
if include_exceptions:
|
|
|
|
if include_exceptions:
|
|
|
|
return (result, None)
|
|
|
|
return (result, None)
|
|
|
|
|
Dag Wieers
9 years ago