Timmy-time-dashboard

Rockachopa/Timmy-time-dashboard

Fork 2

Commit Graph

Author	SHA1	Message	Date
Kimi Agent	70d5dc5ce1	fix: replace eval() with AST-walking safe evaluator in calculator Some checks failed Tests / lint (push) Successful in 3s Details Tests / test (push) Failing after 14s Details Fixes #52 - Replace eval() in calculator() with _safe_eval() that walks the AST and only permits: numeric constants, arithmetic ops (+,-,,/,//,%,*), unary +/-, math module access, and whitelisted builtins (abs, round, min, max) - Reject all other syntax: imports, attribute access on non-math objects, lambdas, comprehensions, string literals, etc. - Add 39 tests covering arithmetic, precedence, math functions, allowed builtins, error handling, and 14 injection prevention cases	2026-03-14 15:51:35 -04:00

Author

SHA1

Message

Date

Kimi Agent

70d5dc5ce1

fix: replace eval() with AST-walking safe evaluator in calculator

Tests / lint (push) Successful in 3s

Details

Tests / test (push) Failing after 14s

Details

Fixes #52

- Replace eval() in calculator() with _safe_eval() that walks the AST
  and only permits: numeric constants, arithmetic ops (+,-,*,/,//,%,**),
  unary +/-, math module access, and whitelisted builtins (abs, round,
  min, max)
- Reject all other syntax: imports, attribute access on non-math objects,
  lambdas, comprehensions, string literals, etc.
- Add 39 tests covering arithmetic, precedence, math functions,
  allowed builtins, error handling, and 14 injection prevention cases

2026-03-14 15:51:35 -04:00

1 Commits