Consider switching to `github.com/antonmedv/expr` for expression evaluation

[antonmedv]

Hello,

I'd like to recommend considering a change in the expression evaluation library you currently use (github.com/Knetic/govaluate) to github.com/antonmedv/expr. Here's a concise rundown of the advantages expr offers:

1. Safety & Isolation: Prevents access to the Go runtime and its reflection.
2. Memory-Safe: Guards against common vulnerabilities like buffer overflows.
3. Side-Effect-Free: Ensures predictable and reliable evaluations.
4. Always Terminating: No risk of deadlocks; ensures performance isn't hindered.
5. Static Typing: Catches type errors early, enhancing robustness.
6. Optimized for Speed: Faster evaluations for improved overall performance.

Given these advantages, I believe expr might better serve the needs of your project. Your feedback or thoughts would be appreciated.

Best regards, Anton

[Ice3man543]

Hi @antonmedv,

great work on the expr library. I was looking at it a while back as govaluate alternative and it seemed very promising.

I did go through this - https://github.com/antonmedv/expr/issues/261 but i have a similar question, are the govaluate and expr syntaxes indetical?

I mean to ask whether we can drop in replace expr with our custom https://github.com/projectdiscovery/dsl functions defined here or will we need to make changes breaking current implementation?

[antonmedv]

Yes, for sure! Adding your own function to expr is very straightforward and you can use https://github.com/projectdiscovery/dsl.

Expr and govaluate very similar, but have some little differences in syntax. For example a =~ b vs a matches b. Right now I'm researching how difficult it will be to write a transformer from govaluate to expr.