asteval
evalidate
asteval | evalidate
---|---
3 | 2
0 | 21
- | -
7.0 | 6.2
2 months ago | 6 months ago
Python | Python
MIT License | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
asteval
- evalidate - Safe evaluation of untrusted user-supplied python expression
  There is the asteval project. It makes a more powerful (and slower) virtual Python interpreter which you can use to run many commands in a shared context. My benchmark (100 000 runs of simple python expressions):
- evalidate: secure eval() for python
  If compared to asteval (which actually has many more features), evalidate is much faster in my benchmarks (benchmark code in repo): 0.017s vs 1.232s
- A simple, kind-of "safe" eval ?
  But, literals are not good enough very often, and one may want to do "len(foo)+bar[i]", so I went searching trying to find a good implementation. I dug and found asteval, but this issue I raised breaks it for me, apart from the fact that I try not to rely on too many modules beyond the standard library + it has a bunch of peculiarities that make it not a real drop-in replacement to eval().
evalidate
- evalidate - Safe evaluation of untrusted user-supplied python expression
  Here comes evalidate. Evalidate parses the expression into an AST tree and validates every node of the tree. For example, you can forbid every function call (the example with the smartphone will still work, but os.system() will not) or you can whitelist specific safe functions like int(). It's simple to use:
- evalidate: secure eval() for python
  Evalidate is a Python module for safe eval()'uating of user-supplied (possibly malicious) logical expressions in Python syntax.
What are some alternatives?
piston - A high performance general purpose code execution engine.
AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
snekbox - Easy, safe evaluation of arbitrary Python code
hydralit - A library to create multi-page Streamlit applications with ease.
vermin - Concurrently detect the minimum Python versions needed to run code
scinumtools - Essential tools for numerical scientific calculations, simulations and data analysis. Besides several useful tools, this package is featuring expression solver, physical units, material properties and dimensional input parameter modules.
klara - Automatic test case generation for python and static analysis library
vectorboard - Open Source Embeddings Optimisation and Eval Framework for RAG/LLM Applications. Documentations at https://docs.vectorboard.ai/introduction
scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.