|
A quick single-file MIT-Licenced library for easily adding evaluatable
expressions into python projects. Say you want to allow a user to set an alarm
volume, which could depend on the time of day, alarm level, how many previous
alarms had gone off, and if there is music playing at the time.
Or if you want to allow simple formulae in a web application, but don't want
to give full eval() access, or don't want to run in javascript on the client side.
It's deliberately very simple, just a single file you can dump into a project,
or import from pypi (pip or easy_install).
Internally, it's using the amazing python ast module to parse the expression,
which allows very fine control of what is and isn't allowed. It should be
completely safe in terms of what operations can be performed by the expression.
The only issue I know to be aware of is that you can create an expression which
takes a long time to evaluate, or which evaluating requires an awful lot of
memory, which leaves the potential for DOS attacks. There is basic protection
against this, and you can lock it down further if you desire.
You should be aware of this when deploying in a public setting.
The defaults are pretty locked down and basic, and it's very easy to add whatever
extra specific functionality you need (your own functions, variable/name lookup, etc).
|
