{"id":13501336,"url":"https://github.com/danthedeckie/simpleeval","last_synced_at":"2026-02-21T03:02:17.650Z","repository":{"id":12261693,"uuid":"14879712","full_name":"danthedeckie/simpleeval","owner":"danthedeckie","description":"Simple Safe Sandboxed Extensible Expression Evaluator for Python","archived":false,"fork":false,"pushed_at":"2024-12-20T10:03:59.000Z","size":293,"stargazers_count":544,"open_issues_count":12,"forks_count":88,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-10-21T05:44:40.048Z","etag":null,"topics":["evaluation","library","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danthedeckie.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-12-03T01:02:54.000Z","updated_at":"2025-10-20T15:34:15.000Z","dependencies_parsed_at":"2024-04-05T05:31:08.278Z","dependency_job_id":"adca2516-d757-4fb3-a6c4-46fd40b5ad2c","html_url":"https://github.com/danthedeckie/simpleeval","commit_stats":{"total_commits":217,"total_committers":30,"mean_commits":7.233333333333333,"dds":0.7373271889400922,"last_synced_commit":"0e173c81cf07e9dcd0f4a7183a495723c71d4a99"},"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/danthedeckie/simpleeval","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthedeckie%2Fsimpleeval","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthedeckie%2Fsimpleeval/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthedeckie%2Fsimpleeval/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthedeckie%2Fsimpleeval/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danthedeckie","download_url":"https://codeload.github.com/danthedeckie/simpleeval/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthedeckie%2Fsimpleeval/sbom","scorecard":{"id":321843,"data":{"date":"2025-08-11","repo":{"name":"github.com/danthedeckie/simpleeval","commit":"49cc533f2c502d058910c0a66ea15eb5c87de377"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":4,"reason":"Found 5/11 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/danthedeckie/simpleeval/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/danthedeckie/simpleeval/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/danthedeckie/simpleeval/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/danthedeckie/simpleeval/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/danthedeckie/simpleeval/ci.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:14","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:49","Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 1 third-party GitHubAction dependencies pinned","Info: 0 out of 2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENCE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.9.13 not signed: https://api.github.com/repos/danthedeckie/simpleeval/releases/92817790","Warn: release artifact 0.9.13 does not have provenance: https://api.github.com/repos/danthedeckie/simpleeval/releases/92817790"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T01:34:06.879Z","repository_id":12261693,"created_at":"2025-08-18T01:34:06.879Z","updated_at":"2025-08-18T01:34:06.879Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29672258,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T00:11:43.526Z","status":"online","status_checked_at":"2026-02-21T02:00:07.432Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["evaluation","library","python"],"created_at":"2024-07-31T22:01:33.785Z","updated_at":"2026-02-21T03:02:17.626Z","avatar_url":"https://github.com/danthedeckie.png","language":"Python","readme":"simpleeval (Simple Eval)\n========================\n\n.. |build-status| image:: https://github.com/danthedeckie/simpleeval/actions/workflows/ci.yml/badge.svg?branch=main\n :target: https://github.com/danthedeckie/simpleeval/actions/\n :alt: Build Status\n\n.. |code-coverage| image:: https://codecov.io/gh/danthedeckie/simpleeval/branch/main/graph/badge.svg?token=isRnN1yrca\n :target: https://codecov.io/gh/danthedeckie/simpleeval\n :alt: Code Coverage Status\n\n.. |pypi-version| image:: https://img.shields.io/pypi/v/simpleeval\n :target: https://badge.fury.io/py/simpleeval\n :alt: PyPI - Version\n\n.. |python-versions| image:: https://img.shields.io/badge/python-3.9_%7C_3.10_%7C_3.11_%7C_3.12_%7C_3.13_%7C_PyPy3.9_%7C_PyPy3.10-blue\n :alt: Static Badge\n\n.. |pypi-monthly-downloads| image:: https://img.shields.io/pypi/dm/SimpleEval\n :alt: PyPI - Downloads\n\n.. |formatting-with-ruff| image:: https://img.shields.io/badge/-ruff-black?logo=lightning\u0026logoColor=%2300ff00\u0026link=https%3A%2F%2Fdocs.astral.sh%2Fruff%2F\n :alt: Static Badge\n\n|build-status| |code-coverage| |pypi-version| |python-versions| |pypi-monthly-downloads| |formatting-with-ruff|\n\n\nA single file library for easily adding evaluatable expressions into\npython projects. Say you want to allow a user to set an alarm volume, which\ncould depend on the time of day, alarm level, how many previous alarms had gone\noff, and if there is music playing at the time.\n\nOr if you want to allow simple formulae in a web application, but don't want to\ngive full eval() access, or don't want to run in javascript on the client side.\n\nIt's deliberately trying to stay simple to use and not have millions of features,\npull it in from PyPI (pip or easy_install), or even just a single file you can dump\ninto a project.\n\nInternally, it's using the amazing python ``ast`` module to parse the\nexpression, which allows very fine control of what is and isn't allowed. It\nshould be completely safe in terms of what operations can be performed by the\nexpression.\n\nThe only issue I know to be aware of is that you can create an expression which\ntakes a long time to evaluate, or which evaluating requires an awful lot of\nmemory, which leaves the potential for DOS attacks. There is basic protection\nagainst this, and you can lock it down further if you desire. (see the\nOperators_ section below)\n\nYou should be aware of this when deploying in a public setting.\n\nThe defaults are pretty locked down and basic, and it's easy to add\nwhatever extra specific functionality you need (your own functions,\nvariable/name lookup, etc).\n\nBasic Usage\n-----------\n\nTo get very simple evaluating:\n\n.. code-block:: python\n\n from simpleeval import simple_eval\n\n simple_eval(\"21 + 21\")\n\nreturns ``42``.\n\nExpressions can be as complex and convoluted as you want:\n\n.. code-block:: python\n\n simple_eval(\"21 + 19 / 7 + (8 % 3) ** 9\")\n\nreturns ``535.714285714``.\n\nYou can add your own functions in as well.\n\n.. code-block:: python\n\n simple_eval(\"square(11)\", functions={\"square\": lambda x: x*x})\n\nreturns ``121``.\n\nFor more details of working with functions, read further down.\n\nNote:\n~~~~~\nall further examples use ``\u003e\u003e\u003e`` to designate python code, as if you are using\nthe python interactive prompt.\n\n.. _Operators:\n\nOperators\n---------\nYou can add operators yourself, using the ``operators`` argument, but these are\nthe defaults:\n\n+--------+------------------------------------+\n| ``+`` | add two things. ``x + y`` |\n| | ``1 + 1`` -\u003e ``2`` |\n+--------+------------------------------------+\n| ``-`` | subtract two things ``x - y`` |\n| | ``100 - 1`` -\u003e ``99`` |\n+--------+------------------------------------+\n| ``/`` | divide one thing by another |\n| | ``x / y`` |\n| | ``100/10`` -\u003e ``10`` |\n+--------+------------------------------------+\n| ``*`` | multiple one thing by another |\n| | ``x * y`` |\n| | ``10 * 10`` -\u003e ``100`` |\n+--------+------------------------------------+\n| ``**`` | 'to the power of' ``x**y`` |\n| | ``2 ** 10`` -\u003e ``1024`` |\n+--------+------------------------------------+\n| ``%`` | modulus. (remainder) ``x % y`` |\n| | ``15 % 4`` -\u003e ``3`` |\n+--------+------------------------------------+\n| ``==`` | equals ``x == y`` |\n| | ``15 == 4`` -\u003e ``False`` |\n+--------+------------------------------------+\n| ``\u003c`` | Less than. ``x \u003c y`` |\n| | ``1 \u003c 4`` -\u003e ``True`` |\n+--------+------------------------------------+\n| ``\u003e`` | Greater than. ``x \u003e y`` |\n| | ``1 \u003e 4`` -\u003e ``False`` |\n+--------+------------------------------------+\n| ``\u003c=`` | Less than or Equal to. ``x \u003c= y`` |\n| | ``1 \u003c 4`` -\u003e ``True`` |\n+--------+------------------------------------+\n| ``\u003e=`` | Greater or Equal to ``x \u003e= 21`` |\n| | ``1 \u003e= 4`` -\u003e ``False`` |\n+--------+------------------------------------+\n| ``\u003e\u003e`` | \"Right shift\" the number. |\n| | ``100 \u003e\u003e 2`` -\u003e ``25`` |\n+--------+------------------------------------+\n| ``\u003c\u003c`` | \"Left shift\" the number. |\n| | ``100 \u003c\u003c 2`` -\u003e ``400`` |\n+--------+------------------------------------+\n| ``in`` | is something contained within |\n| | something else. |\n| | ``\"spam\" in \"my breakfast\"`` |\n| | -\u003e ``False`` |\n+--------+------------------------------------+\n| ``^`` | \"bitwise exclusive OR\" (xor) |\n| | ``62 ^ 20`` -\u003e ``42`` |\n+--------+------------------------------------+\n| ``|`` | \"bitwise OR\" |\n| | ``8 | 34`` -\u003e ``42`` |\n+--------+------------------------------------+\n| ``\u0026`` | \"bitwise AND\" |\n| | ``100 \u0026 63`` -\u003e ``36`` |\n+--------+------------------------------------+\n| ``~`` | \"bitwise invert\" |\n| | ``~ -43`` -\u003e ``42`` |\n+--------+------------------------------------+\n\n\nThe ``^`` operator is often mistaken for a exponent operator, not the bitwise \noperation that it is in python, so if you want ``3 ^ 2`` to equal ``9``, you can\nreplace the operator like this:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e import ast\n \u003e\u003e\u003e from simpleeval import safe_power\n\n \u003e\u003e\u003e s = SimpleEval()\n \u003e\u003e\u003e s.operators[ast.BitXor] = safe_power\n\n \u003e\u003e\u003e s.eval(\"3 ^ 2\")\n 9\n\nfor example.\n\nLimited Power\n~~~~~~~~~~~~~\n\nAlso note, the ``**`` operator has been locked down by default to have a\nmaximum input value of ``4000000``, which makes it somewhat harder to make\nexpressions which go on for ever. You can change this limit by changing the\n``simpleeval.MAX_POWER`` module level value to whatever is an appropriate value\nfor you (and the hardware that you're running on) or if you want to completely\nremove all limitations, you can set the ``s.operators[ast.Pow] = operator.pow``\nor make your own function.\n\nOn my computer, ``9**9**5`` evaluates almost instantly, but ``9**9**6`` takes\nover 30 seconds. Since ``9**7`` is ``4782969``, and so over the ``MAX_POWER``\nlimit, it throws a ``NumberTooHigh`` exception for you. (Otherwise it would go\non for hours, or until the computer runs out of memory)\n\nStrings (and other Iterables) Safety\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThere are also limits on string length (100000 characters,\n``MAX_STRING_LENGTH``). This can be changed if you wish.\n\nRelated to this, if you try to create a silly long string/bytes/list, by doing\n``'i want to break free'.split() * 9999999999`` for instance, it will block you.\n\nIf Expressions\n--------------\n\nYou can use python style ``if x then y else z`` type expressions:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simple_eval(\"'equal' if x == y else 'not equal'\",\n names={\"x\": 1, \"y\": 2})\n 'not equal'\n\nwhich, of course, can be nested:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simple_eval(\"'a' if 1 == 2 else 'b' if 2 == 3 else 'c'\")\n 'c'\n\n\nFunctions\n---------\n\nYou can define functions which you'd like the expressions to have access to:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simple_eval(\"double(21)\", functions={\"double\": lambda x:x*2})\n 42\n\nYou can define \"real\" functions to pass in rather than lambdas, of course too,\nand even re-name them so that expressions can be shorter\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e def double(x):\n return x * 2\n \u003e\u003e\u003e simple_eval(\"d(100) + double(1)\", functions={\"d\": double, \"double\":double})\n 202\n\nIf you don't provide your own ``functions`` dict, then the the following defaults\nare provided in the ``DEFAULT_FUNCTIONS`` dict:\n\n+----------------+--------------------------------------------------+\n| ``randint(x)`` | Return a random ``int`` below ``x`` |\n+----------------+--------------------------------------------------+\n| ``rand()`` | Return a random ``float`` between 0 and 1 |\n+----------------+--------------------------------------------------+\n| ``int(x)`` | Convert ``x`` to an ``int``. |\n+----------------+--------------------------------------------------+\n| ``float(x)`` | Convert ``x`` to a ``float``. |\n+----------------+--------------------------------------------------+\n| ``str(x)`` | Convert ``x`` to a ``str`` |\n+----------------+--------------------------------------------------+\n\nIf you want to provide a list of functions, but want to keep these as well,\nthen you can do a normal python ``.copy()`` \u0026 ``.update``:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e my_functions = simpleeval.DEFAULT_FUNCTIONS.copy()\n \u003e\u003e\u003e my_functions.update(\n square=(lambda x:x*x),\n double=(lambda x:x+x),\n )\n \u003e\u003e\u003e simple_eval('square(randint(100))', functions=my_functions)\n\nNames\n-----\n\nSometimes it's useful to have variables available, which in python terminology\nare called 'names'.\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simple_eval(\"a + b\", names={\"a\": 11, \"b\": 100})\n 111\n\nYou can also hand the handling of names over to a function, if you prefer:\n\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e def name_handler(node):\n return ord(node.id[0].lower(a))-96\n\n \u003e\u003e\u003e simple_eval('a + b', names=name_handler)\n 3\n\nThat was a bit of a silly example, but you could use this for pulling values\nfrom a database or file, looking up spreadsheet cells, say, or doing some kind of caching system.\n\nIn general, when it attempts to find a variable by name, if it cannot find one,\nthen it will look in the ``functions`` for a function of that name. If you want your name handler\nfunction to return an \"I can't find that name!\", then it should raise a ``simpleeval.NameNotDefined`` \nexception. Eg:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e def name_handler(node):\n ... if node.id[0] == 'a':\n ... return 21\n ... raise NameNotDefined(node.id[0], \"Not found\")\n ...\n ... simple_eval('a + a', names=name_handler, functions={\"b\": 100})\n\n 42\n\n \u003e\u003e\u003e simple_eval('a + b', names=name_handler, functions={'b': 100})\n 121\n\n(Note: in that example, putting a number directly into the ``functions`` dict was done just to\nshow the fall-back to functions. Normally only put actual callables in there.)\n\n\nThe two default names that are provided are ``True`` and ``False``. So if you want to provide\nyour own names, but want ``True`` and ``False`` to keep working, either provide them yourself,\nor ``.copy()`` and ``.update`` the ``DEFAULT_NAMES``. (See functions example above).\n\nCreating an Evaluator Class\n---------------------------\n\nRather than creating a new evaluator each time, if you are doing a lot of\nevaluations, you can create a SimpleEval object, and pass it expressions each\ntime (which should be a bit quicker, and certainly more convenient for some use\ncases):\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e s = SimpleEval()\n\n \u003e\u003e\u003e s.eval(\"1 + 1\")\n 2\n\n \u003e\u003e\u003e s.eval('100 * 10')\n 1000\n\n # and so on...\n\nOne useful feature of using the ``SimpleEval`` object is that you can parse an expression\nonce, and then evaluate it multiple times using different ``names``:\n\n.. code-block:: python\n\n # Set up \u0026 Cache the parse tree:\n expression = \"foo + bar\"\n parsed = s.parse(expression)\n\n # evaluate the expression multiple times:\n for names in [{\"foo\": 1, \"bar\": 10}, {\"foo\": 100, \"bar\": 42}]:\n s.names = names\n print(s.eval(expression, previously_parsed=parsed))\n\nfor instance. This may help with performance.\n\nYou can assign / edit the various options of the ``SimpleEval`` object if you\nwant to. Either assign them during creation (like the ``simple_eval``\nfunction)\n\n.. code-block:: python\n\n def boo():\n return 'Boo!'\n\n s = SimpleEval(functions={\"boo\": boo})\n\nor edit them after creation:\n\n.. code-block:: python\n\n s.names['fortytwo'] = 42\n\nthis actually means you can modify names (or functions) with functions, if you\nreally feel so inclined:\n\n.. code-block:: python\n\n s = SimpleEval()\n def set_val(name, value):\n s.names[name.value] = value.value\n return value.value\n\n s.functions = {'set': set_val}\n\n s.eval(\"set('age', 111)\")\n\nSay. This would allow a certain level of 'scriptyness' if you had these\nevaluations happening as callbacks in a program. Although you really are\nreaching the end of what this library is intended for at this stage.\n\nCompound Types\n--------------\n\nCompound types (``dict``, ``tuple``, ``list``, ``set``) in general just work if\nyou pass them in as named objects. If you want to allow creation of these, the\n``EvalWithCompoundTypes`` class works. Just replace any use of ``SimpleEval`` with\nthat.\n\nThe ``EvalWithCompoundTypes`` class also contains support for simple comprehensions.\neg: ``[x + 1 for x in [1,2,3]]``. There's a safety `MAX_COMPREHENSION_LENGTH` to control\nhow many items it'll allow before bailing too. This also takes into account nested\ncomprehensions.\n\nSince the primary intention of this library is short expressions - an extra 'sweetener' is\nenabled by default. You can access a dict (or similar's) keys using the .attr syntax:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simple_eval(\"foo.bar\", names={\"foo\": {\"bar\": 42}})\n 42\n\nfor instance. You can turn this off either by setting the module global `ATTR_INDEX_FALLBACK`\nto `False`, or on the ``SimpleEval`` instance itself. e.g. ``evaller.ATTR_INDEX_FALLBACK=False``.\n\nExtending\n---------\n\nThe ``SimpleEval`` class is pretty easy to extend. For instance, to create a\nversion that disallows method invocation on objects:\n\n.. code-block:: python\n\n import ast\n import simpleeval\n\n class EvalNoMethods(simpleeval.SimpleEval):\n def _eval_call(self, node):\n if isinstance(node.func, ast.Attribute):\n raise simpleeval.FeatureNotAvailable(\"No methods please, we're British\")\n return super(EvalNoMethods, self)._eval_call(node)\n\nand then use ``EvalNoMethods`` instead of the ``SimpleEval`` class.\n\nLimiting Attribute Access\n-------------------------\n\nObject attributes that start with ``_`` or ``func_`` are disallowed by default.\nIf you really need that (BE CAREFUL!), then modify the module global\n``simpleeval.DISALLOW_PREFIXES``.\n\nA few builtin functions are listed in ``simpleeval.DISALLOW_FUNCTIONS``. ``type``, ``open``, etc.\nIf you need to give access to this kind of functionality to your expressions, then be very\ncareful. You'd be better wrapping the functions in your own safe wrappers.\n\nThere is an additional layer of protection you can add in by passing in ``allowed_attrs``, which\nmakes all attribute access based opt-in rather than opt-out - which is a lot safer design:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e simpleeval(\"' hello '.strip()\", allowed_attrs={})\n\nwill throw FeatureNotAvailable - as we've now disabled all attribute access. You can enable some\nreasonably sensible defaults with BASIC_ALLOWED_ATTRS:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e from simpleeval import simpleeval, BASIC_ALLOWED_ATTRS\n \u003e\u003e\u003e simpleeval(\"' hello '.strip()\", allowed_attrs=BASIC_ALLOWED_ATTRS)\n\nis fine - ``strip()`` should be safe on strings.\n\nIt is recommended to add ``allowed_attrs=BASIC_ALLOWED_ATTRS`` whenever possible, and it will\nbe the default for 2.x.\n\nYou can add your own classes \u0026 limit access to attrs:\n\n.. code-block:: pycon\n\n \u003e\u003e\u003e from simpleeval import simpleeval, BASIC_ALLOWED_ATTRS\n \u003e\u003e\u003e class Foo:\n \u003e\u003e\u003e bar = 42\n \u003e\u003e\u003e hidden = \"secret\"\n \u003e\u003e\u003e\n \u003e\u003e\u003e our_attributes = BASIC_ALLOWED_ATTRS.copy()\n \u003e\u003e\u003e our_attributes[Foo] = {'bar'}\n \u003e\u003e\u003e simpleeval(\"foo.bar\", names={\"foo\": Foo()}, allowed_attrs=our_attributes)\n 42\n\n \u003e\u003e\u003e simpleeval(\"foo.hidden\", names={\"foo\": Foo()}, allowed_attrs=our_attributes)\n simpleeval.FeatureNotAvailable: Sorry, 'hidden' access not allowed on 'Foo'\n\nwill now allow access to `foo.bar` but not allow anything else.\n\n\nOther...\n--------\n\nThe library supports Python 3.9 and higher.\n\nThe initial idea came from J.F. Sebastian on Stack Overflow\n( http://stackoverflow.com/a/9558001/1973500 ) with modifications and many improvements,\nsee the head of the main file for contributors list.\n\nPlease read the ``test_simpleeval.py`` file for other potential gotchas or\ndetails. I'm very happy to accept pull requests, suggestions, or other issues.\nEnjoy!\n\nDeveloping\n----------\n\nRun tests::\n\n $ make test\n\nOr to set the tests running on every file change:\n\n $ make autotest\n\n(requires ``entr``) \n\nI'm trying to keep the codebase relatively clean with Black, isort, pylint \u0026 mypy.\nSee::\n\n $ make format\n\nand::\n\n $ make lint\n\nBEWARE\n------\n\nI've done the best I can with this library - but there's no warranty, no guarantee, nada. A lot of\nvery clever people think the whole idea of trying to sandbox CPython is impossible. Read the code\nyourself, and use it at your own risk.\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanthedeckie%2Fsimpleeval","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanthedeckie%2Fsimpleeval","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanthedeckie%2Fsimpleeval/lists"}