Closed wienans closed 8 months ago
@wienans I gave it another thought and maybe something like described here https://twosixtech.com/blog/hijacking-the-ast-to-safely-handle-untrusted-python/ would be useful. Using ast.parse and limiting the input tokens to a few known ones would lower my concerns regarding outside definable formulas. If you want you can give it a shot, likely I won't have the time to look into it before the end of this month
@priv-kweihmann i also found the ast library und thought about it. But at the end for my purpose need to parse the JSON output anyway and then I could calculate the index with my formular for calibration too. Maybe I will think about it and implement it. But at the end in case of safety calculating a non standard index via the output with a other Skript seems the correct option even if I first thought it would be nice to quickly change the formula in cli and make this also available for all.
@priv-kweihmann i also found the ast library und thought about it. But at the end for my purpose need to parse the JSON output anyway and then I could calculate the index with my formular for calibration too. Maybe I will think about it and implement it. But at the end in case of safety calculating a non standard index via the output with a other Skript seems the correct option even if I first thought it would be nice to quickly change the formula in cli and make this also available for all.
sounds like the right way (tm) to me :-). Just in case I would welcome PRs describing this "post processing" as part of the README
Decision to not implement it and rather use the output json with additional script
As some of the metrics are not as standardized to the main maintainability index i found it helpful to provide my own formula via CLI. To Calibrate it for my projects.
If the individual flag is given without formula it will calculate the classic index.