{"id":9074,"library":"leval","title":"Limited Evaluator (leval)","description":"leval is a Python library that provides a safe and limited evaluator for untrusted Python expressions, aiming to prevent arbitrary code execution while allowing controlled calculations. It is currently at version 1.3.0 and actively maintained, with recent updates focusing on feature enhancements and internal improvements.","status":"active","version":"1.3.0","language":"en","source_language":"en","source_url":"https://github.com/valohai/leval","tags":["evaluation","sandbox","expression-evaluation","security","runtime"],"install":[{"cmd":"pip install leval","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"evaluate","correct":"from leval.simple import evaluate"},{"note":"For more complex or customizable evaluator instances.","symbol":"Leval","correct":"from leval.universal import Leval"}],"quickstart":{"code":"from leval.simple import evaluate\n\n# Basic evaluation with context\nexpression_1 = \"x * (y + 2)\"\ncontext_1 = {\"x\": 5, \"y\": 3}\nresult_1 = evaluate(expression_1, **context_1)\nprint(f\"'{expression_1}' with context {context_1} evaluates to: {result_1}\")\n\n# Evaluation with string methods and built-in functions\nexpression_2 = \"s.upper() + ' WORLD!' if len(s) > 5 else s.lower()\"\ncontext_2 = {\"s\": \"hello\"}\nresult_2 = evaluate(expression_2, **context_2)\nprint(f\"'{expression_2}' with context {context_2} evaluates to: {result_2}\")\n\n# Explicitly opting out of loose 'is/is not' behavior introduced in v1.2.0\n# For example, '0 is False' would evaluate to True with default 'loose_is_is_not=True'\nexpression_3 = \"my_value is None\"\ncontext_3 = {\"my_value\": 0}\nresult_3_loose = evaluate(expression_3, **context_3)\nresult_3_strict = evaluate(expression_3, loose_is_is_not=False, **context_3)\nprint(f\"'{expression_3}' (0 is None) with loose_is_is_not (default): {result_3_loose}\")\nprint(f\"'{expression_3}' (0 is None) with loose_is_is_not=False: {result_3_strict}\")","lang":"python","description":"This quickstart demonstrates how to use `leval.simple.evaluate` for evaluating expressions with provided context, including basic arithmetic, string manipulation, and conditional logic. It also highlights the `loose_is_is_not` parameter for controlling identity operator behavior introduced in version 1.2.0."},"warnings":[{"fix":"If strict identity (`id()`) comparison is required, set `loose_is_is_not=False` when calling `evaluate()` or initializing `Leval`.","message":"The default behavior of `is` and `is not` operators was changed in v1.2.0 to be 'loose', meaning expressions like `0 is False` or `'' is None` might evaluate to `True`.","severity":"gotcha","affected_versions":">=1.2.0"},{"fix":"Update exception handling logic to specifically catch `leval.exceptions.InvalidAttributeError` if you need to differentiate it, or ensure you're catching `AttributeError` (which it subclasses).","message":"In v1.2.0, a new specific exception type, `leval.exceptions.InvalidAttributeError`, was introduced for attempts to access non-existent attributes. Previously, this might have raised a generic `AttributeError`.","severity":"breaking","affected_versions":">=1.2.0"},{"fix":"Always audit the objects and functions exposed in the evaluation context (`**context`, `globals`, `locals`) to ensure they do not introduce security vulnerabilities or allow access beyond what is intended.","message":"`leval` is designed as a *limited* evaluator, not a full sandbox. While it blocks many dangerous operations, careful control of the `globals` and `locals` context is crucial to prevent unintended side effects or exposure of sensitive objects.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Run `pip install leval` to install the library.","cause":"The 'leval' library is not installed in the current Python environment.","error":"ModuleNotFoundError: No module named 'leval'"},{"fix":"Ensure all variables used in the expression are passed into the `evaluate` function's `**context` (or `globals`/`locals`) dictionary.","cause":"An expression attempts to use a variable name that was not provided in the evaluation context (e.g., `**context`, `globals`, or `locals`).","error":"leval.exceptions.UndefinedNameError: Undefined name 'my_variable'"},{"fix":"Review the expression string for correct Python syntax. `leval` expressions are standard Python syntax.","cause":"The provided expression string contains a Python syntax error (e.g., unmatched parentheses, incorrect operator usage).","error":"leval.exceptions.InvalidSyntaxError: Invalid syntax in expression '...'"},{"fix":"Verify that the objects in your context have the attributes/methods you are trying to access. This often indicates a typo or misunderstanding of the object's API.","cause":"The expression attempts to access an attribute or call a method on an object that does not possess it (e.g., `my_string.non_existent_method()`).","error":"leval.exceptions.InvalidAttributeError: Object of type <class 'str'> has no attribute 'non_existent_method'"}]}