fam/nanochat-omni
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use empty locals and globals in call to eval() in engine tool use

Browse Source 
harden eval: prevent the calc tool from accessing globals and locals
This commit is contained in:
Andrej
2025-11-01 07:22:59 -07:00
committed by GitHub
parent f15732524a fca2b8cd07
commit 630f54ae5a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nanochat/engine.py
+1 -1
View File
@@ -37,7 +37,7 @@ def eval_with_timeout(formula, max_time=3):
with timeout(max_time, formula): with timeout(max_time, formula):
with warnings.catch_warnings(): with warnings.catch_warnings():
warnings.simplefilter("ignore", SyntaxWarning) warnings.simplefilter("ignore", SyntaxWarning)
return eval(formula) return eval(formula, {"__builtins__": {}}, {})
except Exception as e: except Exception as e:
signal.alarm(0) signal.alarm(0)
# print(f"Warning: Failed to eval {formula}, exception: {e}") # it's ok ignore wrong calculator usage # print(f"Warning: Failed to eval {formula}, exception: {e}") # it's ok ignore wrong calculator usage