{"id":1911,"library":"asteval","title":"Safe Python Expression Evaluator","description":"asteval provides a safe, minimalistic, and flexible Python expression evaluator built on the Abstract Syntax Tree (AST) module. It is designed to evaluate untrusted code within a sandboxed environment, offering fine-grained control over available symbols and operations. The current version is 1.0.8, with a development cadence focused on security enhancements, bug fixes, and supporting newer Python versions.","status":"active","version":"1.0.8","language":"en","source_language":"en","source_url":"https://github.com/lmfit/asteval","tags":["security","sandbox","eval","expression","ast","safe-eval"],"install":[{"cmd":"pip install asteval","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Required for certain advanced mathematical functions, though many core NumPy functions are explicitly excluded by default for security. It is an optional dependency.","package":"numpy","optional":true}],"imports":[{"note":"`Interpreter` is the primary and recommended class for creating an AST evaluator instance, often aliased from `AstEval`.","wrong":"from asteval.asteval import AstEval","symbol":"Interpreter","correct":"from asteval import Interpreter"}],"quickstart":{"code":"from asteval import Interpreter\n\naeval = Interpreter()\n\n# Define variables and execute expressions\naeval(\"x = 1 + 2\")\naeval(\"y = x * 3\")\n\n# Access results from the symbol table\nresult = aeval.symtable['y']\nprint(f\"Result: {result}\")\n\n# Evaluate a direct expression\ndirect_result = aeval.eval(\"10 * x + y\")\nprint(f\"Direct evaluation: {direct_result}\")","lang":"python","description":"Initialize an `Interpreter` instance, then use its callable interface or `eval()` method to execute Python expressions. Variables defined persist within the interpreter's symbol table, which can be accessed via `aeval.symtable`."},"warnings":[{"fix":"Review your code for usage of these functions. If absolutely necessary, re-enable them by adding them to the `Interpreter`'s symbol table with extreme caution, and fully understand the security implications of doing so.","message":"For enhanced security, `asteval` (starting from v1.0.1 and further hardened in v1.0.6 and v1.0.8) explicitly disallows or removes by default access to several potentially unsafe functions or modules. This includes `string.format()`, `numpy.memmap`, `numpy.linalg`, `numpy.polynomial`, and `numpy.fft`. Attempts to use these will raise errors unless they are explicitly and carefully re-enabled.","severity":"breaking","affected_versions":">=1.0.1"},{"fix":"Update `asteval` to version 1.0.8 or later to utilize `lambda` expressions. For older versions, refactor `lambda` functions into standard named `def` functions if possible.","message":"Lambda expressions (`lambda`) were not fully supported in `asteval` until version 1.0.8. Code relying on `lambda` will fail to parse or execute correctly on earlier `asteval` versions.","severity":"gotcha","affected_versions":"<1.0.8"},{"fix":"Update `asteval` to version 1.0.7 or later to ensure correct and predictable `return` behavior within loops and blocks inside `asteval` functions.","message":"The behavior of `return` statements within `while`, `for`, or `with` blocks inside `asteval` functions (referred to as 'Procedures') was inconsistent in versions prior to 1.0.7. This could lead to `return` statements not correctly exiting the function as expected, potentially resulting in unexpected code execution.","severity":"gotcha","affected_versions":"<1.0.7"},{"fix":"Ensure your development and deployment environments use Python 3.10 or newer when working with recent versions of `asteval`.","message":"`asteval` has progressively dropped support for older Python versions. As of version 1.0.7, Python 3.9 is no longer supported, and version 1.0.6 dropped support for Python 3.8. The current minimum required Python version is 3.10.","severity":"breaking","affected_versions":"Python <3.10"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}