asteval
minimalistic evaluator of python expression using ast module (by newville)
piston
A high performance general purpose code execution engine. (by engineer-man)
| asteval | piston | |
|---|---|---|
| 3 | 19 | |
| 0 | 1,761 | |
| - | 2.6% | |
| 7.0 | 5.8 | |
| about 2 months ago | 3 days ago | |
| Python | JavaScript | |
| MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
asteval
Posts with mentions or reviews of asteval.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-30.
-
evalidate - Safe evaluation of untrusted user-supplied python expression
There is asteval project. It makes more poweful (ans slower) virtual python interpreter which you can use to run many commands in shared context. My benchmark (100 000 runs of simple python expressions):
-
evalidate: secure eval() for python
If compare to asteval (which is actually has much more features), evalidate is much faster in my benchmarks (benchmark code in repo): 0.017s vs 1.232s
-
A simple, kind-of "safe" eval ?
But, literals are not good enough very often, and one may want to do "len(foo)+bar[i]" , so I went searching trying to find a good implementation. I dug and found asteval, but this issue I raised breaks it for me, apart from the fact that I try not to rely on too many modules beyond the standard library + it has a bunch of peculiarities that make it not a real drop-in replacement to eval().
piston
Posts with mentions or reviews of piston.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-12.
-
Ask HN: Secure Python code execution environment
and public reviews (as well as reviews on similar approaches [1]), the approach does not seem to satisfy my requirements. After some additional searching, I found a possible dockerized solution:
https://github.com/engineer-man/piston
I want to ask the HN community if anybody has experience in this problem space and what solutions they would suggest. Is the Piston's dockerized approach secure enough to be used in production systems?
I would really appreciate any insights anyone could provide.
-
[leetcode Java] I am working on problem 1603. Design Parking System, but am unable to see why inclusion of if/else statements are effecting runtime
Anything in the milliseconds is pretty large for fast languages, so I think it could be something to do with the way that they sandbox submissions. Ultimately I dunno, but it is interesting to speculate how they do it, maybe some cheesed Linux containers like piston / https://github.com/engineer-man/piston or something. Heavily altered runtime could swing a few ms here or there, so that's the logic for not relying on Leetcode for accurate assumptions, I guess
-
Can anyone tell me why it'd be a bad idea to open up my filesystem to read-only SSH access from the internet?
If you're deadset on the absurd madness you can attempt to use a community "punching bag" container, like https://github.com/engineer-man/piston, something like that or a honeypot that's tuned to resist abuses of the infra. But that way lies pain, lots of pain and dogecoin miners, rats, and trojans. Regular precautions won't be enough, and even a locked-down container/VM is likely only a matter of time. Decent hackers' bots are gonna run down a giant list of stuff from metasploit and there's probably something in open-enough userland that can be abused for escape.
-
How can I build an automated code testing platform?
I don't know if there is any resource availible to read specifically for this problem. But here is what I found on a quick google search: https://github.com/engineer-man/piston
-
[AskJS] Suggest me some online Code execution engine
I found some open-source projects like piston and Judge0. But there are some limitations like the number of requests per second, etc.
-
YouBit - Host any file on YouTube for free
You should consider using something like piston. This way they can run code in a sandboxed way and you don’t have to worry. You can host it yourself and let them use that which probably yields the best results but there is also a free hosted version you can use. You could even make a simple website wrapper for the students to use to run their code.
-
A project of mine called Notium, a notetaking app for CS students
The code runner is https://github.com/engineer-man/piston
-
How to build a codecademy clone that runs code in the browser?
Biggest one: https://github.com/engineer-man/piston Made with Go lang: https://github.com/ranna-go/ranna Something here: https://github.com/jakhax/sandman
-
A Python Jupyter Kernel in Slack. Just send Python code as a message!
why not use a secure code execution engine like python-discord/snekbox or engineer-man/piston though?
- A High Performance Code Execution Engine
What are some alternatives?
When comparing asteval and piston you can also consider the following projects:
snekbox - Easy, safe evaluation of arbitrary Python code