Sandboxing eval() (was: Calculator)

Stephan Lukits stephan.lukits at gmail.com
Mon Jan 20 03:10:26 EST 2020



> On 19. Jan 2020, at 19:35, musbur at posteo.org wrote:
> 
> Is it actually possible to build a "sandbox" around eval, permitting it
> only to do some arithmetic and use some math functions, but no
> filesystem access or module imports?
> 
> I have an application that loads calculation recipes (a few lines of
> variable assignments and arithmetic) from a database. 
> 
> exec(string, globals, locals)
> 
> with locals containing the input variables, and globals has a
> __builtin__ object with a few math functions. It works, but is it safe?

https://github.com/danthedeckie/simpleeval

Might be a good starting point.

Greetings Stephan


More information about the Python-list mailing list