
about safety of eval function

Open abhinov2 opened this issue 7 years ago • 5 comments

I have a few queries

  1. sympy-gamma uses the eval function. Is it safe if I try to integrate it in my site?
  2. If not safe, then what could be a workaround for it?

abhinov2 avatar Jul 28 '17 16:07 abhinov2

@ellisonbg I have a few queries

sympy-gamma uses the eval function. Is it safe if I try to integrate it in my site? If not safe, then what could be a workaround for it?

abhinov2 avatar Jul 28 '17 18:07 abhinov2

Hi @abhinov2

  1. No, it is not safe in general. For Gamma, we do not care because it is running on Google's infrastructure, but this is still unsafe.
  2. You would have to write a parser to replace sympify that does not use eval.

lidavidm avatar Jul 30 '17 23:07 lidavidm

Hi @lidavidm Q1. Tell me one thing, this parser you are talking about is for sympy or sympygamma?

abhinov2 avatar Jul 31 '17 17:07 abhinov2

The parser would be for either. It does not exist (AFAIK, maybe SymPy has one now) and you would need to implement it.

lidavidm avatar Jul 31 '17 22:07 lidavidm

Work in progress on this here https://github.com/sympy/sympy/pull/12524 (but I haven't worked on it in a while).

asmeurer avatar Aug 01 '17 04:08 asmeurer
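
The idea raised in the replies above, a parser that never calls eval, sketched as an added example (not code from SymPy, SymPy Gamma, or the linked pull request). It covers numeric arithmetic only, not symbolic expressions; the names `safe_eval` and `Rejected`, the allow-lists, and the length limit are all assumptions made for illustration.

```python
import ast
import math
import operator

# Allow-lists (constructed for this example): anything not named here is rejected.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Pow: math.pow}  # float pow: overflows fast
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt, "log": math.log}
CONSTS = {"pi": math.pi, "e": math.e}
MAX_LEN = 200  # bounds parse depth and the size of integer literals


class Rejected(Exception):
    """Input is not in the allowed expression subset, or failed to compute."""


def _walk(node):
    """Evaluate one AST node; any node type not listed below is refused."""
    if isinstance(node, ast.Constant):
        if type(node.value) in (int, float):  # no str, bytes, bool, complex
            return node.value
    elif isinstance(node, ast.Name):
        if node.id in CONSTS:
            return CONSTS[node.id]
    elif isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    elif isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand))
    elif isinstance(node, ast.Call):
        # Only a bare allow-listed name may be called: no attributes, no keywords.
        if isinstance(node.func, ast.Name) and node.func.id in FUNCS and not node.keywords:
            return FUNCS[node.func.id](*[_walk(arg) for arg in node.args])
    raise Rejected("disallowed syntax: " + type(node).__name__)


def safe_eval(text):
    """Parse text as a single expression and evaluate it without eval()."""
    if len(text) > MAX_LEN:
        raise Rejected("input too long")
    try:
        return _walk(ast.parse(text, mode="eval").body)
    except (SyntaxError, ArithmeticError, ValueError, TypeError) as exc:
        raise Rejected(str(exc)) from exc
```

Attribute access, subscripts, lambdas, comprehensions and string literals all fall through to the final `raise`, so the set of reachable operations is exactly what the allow-lists name.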