Python's eval() function

Posted: Thu Jun 04, 2015 11:57 pm
by BackRaw
Hi all,

I remember back in the EventScripts days that the use of Python's eval() function was a 'potential risk' or something like that. I wonder if this is still true for SP because I want to make a calculator lol :D

Posted: Fri Jun 05, 2015 12:03 am
by necavi
It absolutely is. There's no true way to sandbox it, but you can do things to help restrict it if you like.

Posted: Fri Jun 05, 2015 12:15 am
by BackRaw
necavi wrote: It absolutely is. There's no true way to sandbox it, but you can do things to help restrict it if you like.

True, but I'm not sure how I would go about that one tho :D

Posted: Fri Jun 05, 2015 12:20 am
by necavi
Read up on it? SourcePython's eval is the same as any other Python eval, to my knowledge. There's a fuckton of information on the internet for you.

Posted: Fri Jun 05, 2015 12:22 am
by BackRaw
Maybe sometime.

Posted: Fri Jun 05, 2015 1:00 pm
by Mahi
You're better off parsing a string, looking for calculations, rather than trying to use eval on it.

Posted: Fri Jun 05, 2015 1:25 pm
by satoon101
Not 100% sure of what you are looking to do, but you 'could' also create a temp.py file within your plugins directory with a variable equaling the equation and try to import that value.

Posted: Fri Jun 05, 2015 6:56 pm
by stonedegg
I heard ast.literal_eval() is better

Posted: Fri Jun 05, 2015 7:14 pm
by Ayuto
Well, it does not allow you to use operators.

Check the docs: https://docs.python.org/3.4/library/ast.html#ast.literal_eval

Posted: Fri Jun 05, 2015 10:58 pm
by BackRaw
I'll go with parsing the string, I have an idea.