Development #5279
Expression attribute source
Description
I consider the proposed code experimental and, reading the history of safe Python code evaluation, very likely insecure, so it's just for discussion.
It depends upon an untested safe-expression evaluator library [1], which is the part that is likely insecure. This library parses the expression as a Python abstract syntax tree and only keeps the types of nodes deemed secure.
A secure implementation would maybe use a JS interpreter augmented with a sandbox [2] module and should be able to flag "broken" code so that it is not run anymore after detection (if the broken property can only be detected at runtime, like exceeding the timeout).
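The node-type allowlist approach described in this issue, as an added example that is neither the proposed patch nor the library it depends on. The names `safe_eval` and `UnsafeExpression`, the operator set and the size limits are assumptions chosen for the illustration.

```python
import ast
import operator

# Added illustration; names and limits are assumptions, not the library's API.
# Mult and Pow are left out on purpose: "'a' * 10**9" contains only
# harmless-looking node types yet exhausts memory at runtime.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub}
CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne,
           ast.Lt: operator.lt, ast.Gt: operator.gt}
MAX_SOURCE_LEN = 200  # assumed limits that bound parse and evaluation cost
MAX_NODES = 50

class UnsafeExpression(ValueError):
    """The expression uses a construct outside the allowlist."""

def safe_eval(source, names):
    """Evaluate an expression over the attribute dict `names`."""
    if len(source) > MAX_SOURCE_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise UnsafeExpression("unparsable expression") from exc
    if sum(1 for _ in ast.walk(tree)) > MAX_NODES:
        raise UnsafeExpression("expression too complex")
    return _eval(tree.body, names)

def _eval(node, names):
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, int)):
        return node.value
    if isinstance(node, ast.Name) and node.id in names:
        return names[node.id]
    if isinstance(node, ast.BoolOp):
        values = [_eval(v, names) for v in node.values]  # no short-circuit
        return all(values) if isinstance(node.op, ast.And) else any(values)
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return _apply(BIN_OPS[type(node.op)], node.left, node.right, names)
    if isinstance(node, ast.Compare) and len(node.ops) == 1 \
            and type(node.ops[0]) in CMP_OPS:
        return _apply(CMP_OPS[type(node.ops[0])], node.left,
                      node.comparators[0], names)
    # Call, Attribute, Subscript, Lambda, comprehensions, ... all land here.
    raise UnsafeExpression("node not allowed: %s" % type(node).__name__)

def _apply(func, left, right, names):
    try:
        return func(_eval(left, names), _eval(right, names))
    except TypeError as exc:
        raise UnsafeExpression("operand types do not match") from exc
```

The allowlist is only as safe as its least-restricted node: anything that reaches attribute access or a call gives the expression a path to arbitrary objects, and size limits like the ones above only cover resource exhaustion that can be bounded before evaluation.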
Files
History
Updated by Frédéric Péters over 10 years ago
What would the use case be? I ask this because it looks to me like it duplicates the existing attributes_ng/sources/function.py module.
Updated by Benjamin Dauvergne over 10 years ago
It would be easier to configure through the UI. function.py can do more (I mean "have side effects") but you need to create a Python module or put the definition in config.py to configure it. Expression attribute would use a safe and common language so that users of a SaaS service can code their own "smart" attributes. Java applications often use the JavaScript interpreter provided by the JDK for that.