Add example to test PR replacing eval() with RestrictedPython #32

@camilamaia

Description

This issue tracks the creation of an example (using an existing API or introducing a new one) to validate and demonstrate the changes introduced in the PR that replaces Python’s unsafe eval() with [RestrictedPython](https://restrictedpython.readthedocs.io/).

Goal

Provide a practical example that exercises the new secure code evaluation flow, ensuring the improvements are correctly integrated and easy to test.

Acceptance Criteria

  • Create a new example (or adapt an existing one) showcasing dynamic expression evaluation in ScanAPI.
  • Ensure the example covers at least one safe module usage (e.g., datetime, math).
  • Confirm that unsafe operations (e.g., open, exec, system calls) are correctly blocked.
  • Document the example so contributors can use it to test the PR changes.
  • Integrate the example into the ScanAPI run examples workflow as an automated end-to-end (E2E) test, so it is executed in CI.

Why this matters:
The PR makes a major security improvement by removing direct calls to eval() and using RestrictedPython with a controlled environment. Having a runnable example ensures contributors can easily test and verify the behavior locally, while the E2E test in CI guarantees ongoing validation of these security constraints.

Metadata

Assignees

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests