这是indexloc提供的服务,不要输入任何密码
Skip to content

fix(general): using asteval instead of using eval #7116

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 50 commits into from
May 5, 2025
Merged

fix(general): using asteval instead of using eval #7116

merged 50 commits into from
May 5, 2025

Conversation

@lirshindalman
Copy link
Contributor

@lirshindalman lirshindalman commented Apr 22, 2025
edited
Loading

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

switch eval to asteval. This change ensures a safer evaluation environment by restricting operations to only those deemed secure, effectively reducing potential risks.

@Saarett
Copy link
Contributor

Saarett commented Apr 22, 2025

@lirshindalman Kindly update the root setup.py file as well, as it may otherwise prevent us from building Checkov into an executable and could result in the package not being included when installed via pip.

bo156
bo156 reviewed Apr 22, 2025
View reviewed changes
maxamel
maxamel reviewed Apr 23, 2025
View reviewed changes
bo156
bo156 reviewed Apr 23, 2025
View reviewed changes
@lirshindalman lirshindalman merged commit 5ddad08 into main May 5, 2025
46 checks passed
@lirshindalman lirshindalman deleted the using_asteval branch May 5, 2025 10:57
Saarett pushed a commit that referenced this pull request May 5, 2025
@lirshindalman @actions-user
fix(general): using asteval instead of using eval (#7116)
c84a8c1 
* using asteval instead of using eval

* .

* asteval==1.0.5

* add test

* empty_string

* empty_string

* empty_string

* empty_string

* using only SAFE_EVAL_DICT dict

* using only SAFE_EVAL_DICT dict

* support dict string with trailing

* support dict string with trailing

* add test_dict_as_string

* add test_dict_as_string

* add test_dict_as_string

* add performance_configurations

* add performance_configurations

* add performance_configurations

* add performance_configurations

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* min_rounds =8

* min_rounds =7

* min_rounds =7

* min_rounds =6

* min_rounds =5

* Linux 14

* min_rounds =10

* Linux 13

---------

Co-authored-by: lshindelman <lshindelman@paloaltonetworks.com>
@sourcery-ai sourcery-ai bot mentioned this pull request May 5, 2025
Merged
@tberreis tberreis mentioned this pull request May 16, 2025
Closed
thentenaar added a commit to thentenaar/checkov that referenced this pull request May 19, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
9e80e2a 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Jun 6, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
9c8db4a 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Jun 8, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
4e377ab 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Jun 9, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
3f130df 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Jun 9, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
4a06a85 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Jun 10, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
1a4da96 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Aug 10, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
e2061f7 
…io#7116)"

This reverts commit 5ddad08.
thentenaar added a commit to thentenaar/checkov that referenced this pull request Aug 20, 2025
@thentenaar
Revert "fix(general): using asteval instead of using eval (bridgecrew…
e257878 
…io#7116)"

This reverts commit 5ddad08.
kapyteinaikido added a commit to AikidoSec/checkov that referenced this pull request Aug 28, 2025
@kapyteinaikido
Use asteval instead of eval, forked from bridgecrewio#7116
6d08bb2
willem-delbare added a commit to AikidoSec/checkov that referenced this pull request Aug 28, 2025
@willem-delbare
Merge pull request #15 from AikidoSec/asteval_patch_1
fa68b90 
Use asteval instead of eval, forked from bridgecrewio#7116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxamel maxamel maxamel approved these changes

@bo156 bo156 bo156 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@lirshindalman @Saarett @maxamel @bo156