File: safe_eval.py

package info (click to toggle)
mma 21.09-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 51,828 kB
  • sloc: python: 16,751; sh: 26; makefile: 18; perl: 12
file content (65 lines) | stat: -rw-r--r-- 2,093 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# safe_eval.py

"""
This module is an integeral part of the program
MMA - Musical Midi Accompaniment.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

Bob van der Poel <bob@mellowood.ca>

"""

# This code pretends to implement a "safe" eval(). It really
# isn't safe! There are many ways an evil coder can exploit
# the safeguards. Unfortunately, python just isn't written to
# have a really bullet proof eval(). Look at your scripts before
# running things blindly!

import re
from math import *
from random import randint
from os import environ
from MMA.common import *

safeCmds = ['ceil', 'fabs', 'floor', 'exp', 'log', 'log10', 'pow',
            'sqrt', 'acos', 'asin', 'atan', 'atan2', 'cos', 'hypot',
            'sin', 'tan', 'degrees', 'radians', 'cosh', 'sinh',
            'int', 'in', '.join', 'str', '.split', 'for', 'randint' ]


def safeEnv(var):
    """ Return the value of an env variable. 
        On my system non-existant env vars register as None and
        vars set to '' return as '' ... so we convert them all to
        ''. MMA doesn't have a NoneType.
    """

    ret = environ.get(var)
    if ret == None:
        ret == ''
    return ret

def safeEval(expr):
    toks = re.split(r'([a-zA-Z_\.]+|.)', expr)

    for t in toks:
        if len(t) > 1 and t not in safeCmds:
            error("Illegal/Unknown operator '%s' in $()." % t)
    try:
        return eval(expr)
    except:
        error("Illegal operation in '%s'." % expr)