safeEval: Get rid of eval().

It should be safe considering the AST sanity checks,
but I don't see any point in keeping it.
This commit is contained in:
Valentin Lorentz 2020-05-15 18:31:04 +02:00
parent 6f4e3a2dbd
commit 3d1e88cb68

View File

@ -202,12 +202,9 @@ def safeEval(s, namespace=None):
else: else:
return False return False
if checkNode(node): if checkNode(node):
if namespace is None: # Probably equivalent to eval() because checkNode(node) is True,
return eval(s, namespace, namespace) # but it's an extra security.
else: return ast.literal_eval(node)
# Probably equivalent to eval() because checkNode(node) is True,
# but it's an extra security.
return ast.literal_eval(node)
else: else:
raise ValueError(format('Unsafe string: %q', s)) raise ValueError(format('Unsafe string: %q', s))