Expression attribute source
I consider the proposed code as experimental and ,reading history on safe python code evaluation, very likely unsecure, so it's just for discussing.
It depends upon an untested safe-expression evaluator library1 which is the part likely unsecure. This library parse expression as python abstract syntax tree and only keep type of nodes deemed secure.
A secure implementation would maybe use a JS interpreter augmented with a sandbox2 module and should be able to flag "broken" code so that is not run anymore after detection (if the broken property can only be detected at runtime, like exceding the timeout).
Updated by Benjamin Dauvergne → en congés jusqu'au 29/08 almost 8 years ago