Replaced eval with asteval

brightway-lca / brightway2-io

Importing and exporting for the Brightway LCA framework

BSD 3-Clause "New" or "Revised" License

26 stars 40 forks source link

Replaced eval with asteval #201

Closed ccomb closed 1 year ago

ccomb commented 1 year ago

Replaced eval with asteval.

(extracted from #170 )

But still waiting for asteval 0.9.30 with newville/asteval#116 from @newville

ccomb commented 1 year ago

@cmutel asteval 0.9.30 is released, so this PR can be merged

cmutel commented 1 year ago

Thanks @ccomb

Can you please give a brief justification why we would want to support this more complicated option? I don't see a referenced issue or any text, maybe I just missed it.
Can you change isinstance(number, (int, float)) to isinstance(number, Number), and add from numbers import Number?
There are some whitespace or formatting changes included which don't reference the PR content. It would be better if these were removed (they can be submitted as a separate PR, I assume they acutally follow our formatting standards which is a good thing).

ccomb commented 1 year ago

eval is unsafe for arbitrary user input, as reminded by @BenPortner Or maybe you were expecting I replace asteval.Interpreter with bw2parameters.Interpreter and add bw2parameters as a dependency of bw2io ? Please tell

BenPortner commented 1 year ago

@ccomb

Or maybe you were expecting I replace asteval.Interpreter with bw2parameters.Interpreter

Exactly :)

and add bw2parameters as a dependency of bw2io

Yes. In fact, bw2parameters is already an indirect dependency of bw2io via bw2data. However, we should now add bw2parameters as a direct dependency in setup.py and requirements.txt.

ccomb commented 1 year ago

Replaced by #206