Add example to test PR replacing eval() with RestrictedPython
Description
This issue tracks the creation of an example (using an existing API or introducing a new one) to validate and demonstrate the changes introduced in the PR that replaces Python’s unsafe eval() with [RestrictedPython](https://restrictedpython.readthedocs.io/).
Goal
Provide a practical example that exercises the new secure code evaluation flow, ensuring the improvements are correctly integrated and easy to test.
Acceptance Criteria
- [ ] Create a new example (or adapt an existing one) showcasing dynamic expression evaluation in ScanAPI.
- [ ] Ensure the example covers at least one safe module usage (e.g., datetime, math).
- [ ] Confirm that unsafe operations (e.g., open, exec, system calls) are correctly blocked.
- [ ] Document the example so contributors can use it to test the PR changes.
- [ ] Integrate the example into the ScanAPI run examples workflow as an automated end-to-end (E2E) test, so it is executed in CI.
Why this matters:
The PR makes a major security improvement by removing direct calls to eval() and using RestrictedPython with a controlled environment. Having a runnable example ensures contributors can easily test and verify the behavior locally, while the E2E test in CI guarantees ongoing validation of these security constraints.
I can take this up!
This guy is on fire!!!! 🔥🔥🔥🔥🔥