Quark-Games / YEquals

A very rudimentary Grapher abusing Python's eval() method.
MIT License

Input is not safe #13

Open zwang20 opened 5 years ago

zwang20 commented 5 years ago

Malicious code may be injected into the program through the function input.

Edward-Ji commented 3 years ago

Partially fixed. Call to classes like Func(), Var() won't run. However, calls to built-in functions like print() still create unwanted results.

Edward-Ji commented 2 years ago

Python's built-in eval() method is notorious for its lack of security. There are multiple ways to improve it. If we require better security and functionality, we tend to need fancier methods. For starters, we can make it somewhat safer by limiting the environment. We can pass maths variables and functions as arguments instead of evaluating them in a global scope. If we demand even better security, we may need to convert to a standard library parser, like the one in ast. Or even better, we should write a custom parser. The rabbit hole just gets deeper and deeper.
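The two mitigation steps described in the comment above, worked through as an added example. This is not code from the YEquals repository; the whitelist of math names (`SAFE_CONSTANTS`, `SAFE_FUNCTIONS`), the variable name `x`, and the function names `eval_restricted`, `eval_ast` and `rejected` are assumptions made for the example. `eval_restricted` is the first step (eval() with an emptied `__builtins__` and only the math namespace), which blocks `print()` but still allows attribute access on whatever objects are reachable. `eval_ast` is the second step: the expression is parsed with the standard library `ast` module and only arithmetic, numeric constants, whitelisted names and calls to whitelisted functions are evaluated; anything else, including attribute access, is rejected before any code runs.

```python
import ast
import math
import operator

# Whitelisted namespace for the grapher (constructed for this example).
# Constants and functions are kept apart so a name can never resolve to a callable
# in arithmetic position, and a call target can never be a user-supplied value.
SAFE_CONSTANTS = {"pi": math.pi, "e": math.e}
SAFE_FUNCTIONS = {
    "sin": math.sin, "cos": math.cos, "tan": math.tan,
    "sqrt": math.sqrt, "log": math.log, "exp": math.exp, "abs": abs,
}


def eval_restricted(expr: str, x: float) -> float:
    """Step 1: eval() with an emptied __builtins__ and only the math names in scope.

    This stops `print(1)` or `__import__('os')` (both raise NameError), but the
    expression can still reach attributes of any value it can name, e.g. `x.__class__`.
    """
    env = {**SAFE_CONSTANTS, **SAFE_FUNCTIONS, "x": x}
    return eval(expr, {"__builtins__": {}}, env)


class UnsafeExpression(ValueError):
    """Raised by eval_ast() for any syntax outside the arithmetic whitelist."""


_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Pow: operator.pow, ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def _eval_node(node: ast.AST, variables: dict) -> float:
    # Numeric literals only; bool is a subclass of int, so exclude it explicitly.
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)) \
            and not isinstance(node.value, bool):
        return node.value
    # Bare names resolve only to the plotted variable or a whitelisted constant.
    if isinstance(node, ast.Name):
        if node.id not in variables:
            raise UnsafeExpression(f"unknown name {node.id!r}")
        return variables[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left, variables),
                                       _eval_node(node.right, variables))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, variables))
    # Calls: the callee must be a plain whitelisted name, positional args only.
    if isinstance(node, ast.Call):
        if not isinstance(node.func, ast.Name) or node.func.id not in SAFE_FUNCTIONS \
                or node.keywords:
            raise UnsafeExpression("only calls to whitelisted math functions are allowed")
        args = [_eval_node(a, variables) for a in node.args]
        return SAFE_FUNCTIONS[node.func.id](*args)
    # Everything else (Attribute, Subscript, Lambda, comprehensions, ...) is refused.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def eval_ast(expr: str, x: float) -> float:
    """Step 2: parse with ast and walk only the whitelisted node types."""
    tree = ast.parse(expr, mode="eval")
    return _eval_node(tree.body, {**SAFE_CONSTANTS, "x": x})


def rejected(expr: str, x: float = 0.0) -> bool:
    """True if eval_ast() refuses the expression as unsafe (used by the checks below)."""
    try:
        eval_ast(expr, x)
    except UnsafeExpression:
        return True
    return False


if __name__ == "__main__":
    print(eval_ast("x**2 + 2*x + 1", 3.0))          # 16.0
    print(rejected("print(1)"))                      # True
    print(rejected("x.__class__"))                   # True
    print(eval_restricted("x.__class__.__name__", 1.0))  # 'float': step 1 alone does not stop this
```

The usage note: the last line shows why the comment treats the restricted-environment approach as only "somewhat safer"; attribute access is ordinary expression syntax that eval() will happily resolve, so the only robust fix is to stop handing user input to eval() at all and interpret the parse tree yourself, as `eval_ast` does.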