Fixes #52

- Replace eval() in calculator() with _safe_eval() that walks the AST and only permits: numeric constants, arithmetic ops (+,-,*,/,//,%,**), unary +/-, math module access, and whitelisted builtins (abs, round, min, max)
- Reject all other syntax: imports, attribute access on non-math objects, lambdas, comprehensions, string literals, etc.
- Add 39 tests covering arithmetic, precedence, math functions, allowed builtins, error handling, and 14 injection prevention cases
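Added example, not the project's own code: a Python `_safe_eval()` built the way the commit message describes (AST walk, whitelist of numeric constants, the listed arithmetic and unary operators, `math` module access, and the builtins abs/round/min/max; everything else rejected). The names `_safe_eval` and `calculator` come from the message; the `UnsafeExpression` class, the `is_rejected` helper, the underscore filter on `math` members, the exponent/result-size caps and the constructed injection case list are this example's own assumptions.

```python
"""Whitelist-based arithmetic evaluator on top of ast (example, not the project's code)."""
import ast
import math
import operator

# Node types absent from these tables are rejected, so Python's remaining operators
# (@, <<, >>, &, |, ^, ~, not, comparisons) never reach the evaluator.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_BUILTINS = {"abs": abs, "round": round, "min": min, "max": max}

# Assumed guards, not in the commit description: a bare ** whitelist still lets
# "9 ** 9 ** 9" exhaust CPU and memory, so cap the exponent and the result size.
_MAX_EXPONENT = 10_000
_MAX_RESULT_BITS = 10_000


class UnsafeExpression(ValueError):
    """Raised for any syntax outside the arithmetic whitelist."""


def _number(value):
    # bool is an int subclass; reject it so True/False cannot pose as constants.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    raise UnsafeExpression(f"not a number: {value!r}")


def _math_member(name):
    # Public names of the real math module only: blocks math.__class__, math.__loader__, ...
    if name.startswith("_") or not hasattr(math, name):
        raise UnsafeExpression(f"unknown math member: {name}")
    return getattr(math, name)


def _eval_node(node):
    if isinstance(node, ast.Constant):
        return _number(node.value)  # rejects str/bytes/None/bool literals
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and (
            abs(right) > _MAX_EXPONENT
            or (isinstance(left, int) and isinstance(right, int) and right > 0
                and left.bit_length() * right > _MAX_RESULT_BITS)
        ):
            raise UnsafeExpression("power too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name) and node.value.id == "math":
        return _number(_math_member(node.attr))  # math.pi, math.e; a bare math.sqrt is rejected
    if isinstance(node, ast.Call) and not node.keywords:
        func = node.func
        if isinstance(func, ast.Name) and func.id in _BUILTINS:
            fn = _BUILTINS[func.id]
        elif isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name) and func.value.id == "math":
            fn = _math_member(func.attr)
            if not callable(fn):
                raise UnsafeExpression(f"math.{func.attr} is not callable")
        else:
            raise UnsafeExpression("only abs/round/min/max and math.* may be called")
        # Starred args (min(*[...])) land in _eval_node and are rejected as disallowed syntax.
        return _number(fn(*[_eval_node(arg) for arg in node.args]))
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def _safe_eval(expression: str):
    """Evaluate an arithmetic expression without eval(); raises UnsafeExpression otherwise."""
    try:
        tree = ast.parse(expression, mode="eval")  # statements such as "import os" fail here
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from None
    return _eval_node(tree.body)


def calculator(expression: str) -> str:
    """Drop-in for the eval()-based calculator: the result, or an error line."""
    try:
        return str(_safe_eval(expression))
    except (ValueError, ZeroDivisionError, OverflowError) as exc:  # UnsafeExpression is a ValueError
        return f"error: {exc}"


def is_rejected(expression: str) -> bool:
    try:
        _safe_eval(expression)
    except UnsafeExpression:
        return True
    return False


# Constructed injection cases for this example (the project's 14 cases are not on the page).
INJECTION_CASES = [
    "__import__('os').system('id')",
    "().__class__.__bases__[0].__subclasses__()",
    "open('/etc/passwd').read()",
    "math.__loader__",
    "math.__class__.__module__",
    "abs.__globals__",
    "(lambda: 1)()",
    "[x for x in ().__class__.__mro__]",
    "'a' * 1000",
    "1 if True else 2",
    "x",
    "min(*[1, 2])",
    "round(1.5, ndigits=0)",
    "import os",
    "9 ** 9 ** 9",
]


def rejected_injection_cases():
    return [case for case in INJECTION_CASES if is_rejected(case)]
```

Two points a reviewer of such a change would check: "math module access" must mean public members only, since `math.__class__` or `math.__loader__` is attribute access on a module object and reopens the sandbox; and a permitted `**` still needs a resource cap, because `9 ** 9 ** 9` is syntactically clean but never finishes.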