Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
But, literals are not good enough very often, and one may want to do "len(foo)+bar[i]" , so I went searching trying to find a good implementation. I dug and found asteval, but this issue I raised breaks it for me, apart from the fact that I try not to rely on too many modules beyond the standard library + it has a bunch of peculiarities that make it not a real drop-in replacement to eval().
the only way to do safe eval is with a purpose-made entirely locked down code execution engine, Piston is a popular one which supports multiple languages: https://github.com/engineer-man/piston
Theres also Snekbox, which we used over at python discord for the eval bot command: https://github.com/python-discord/snekbox
Related posts
- Ask HN: What is the safest way to replicate Repl.it like sites?
- Ask HN: Secure Python code execution environment
- [leetcode Java] I am working on problem 1603. Design Parking System, but am unable to see why inclusion of if/else statements are effecting runtime
- Can anyone tell me why it'd be a bad idea to open up my filesystem to read-only SSH access from the internet?
- How can I build an automated code testing platform?