{"id":1025,"library":"simpleeval","title":"SimpleEval","description":"SimpleEval is a Python library designed for safely evaluating simple expressions provided by untrusted users. It acts as a controlled alternative to Python's built-in `eval()` function, parsing expressions using the `ast` module to restrict executable operations, functions, and names. This prevents malicious code execution while allowing flexible, user-defined calculations. The current version is 1.0.7, and the library maintains an active development and release cadence.","status":"active","version":"1.0.7","language":"python","source_language":"en","source_url":"https://github.com/danthedeckie/simpleeval","tags":["evaluation","sandbox","expression parser","safe eval","AST","security"],"install":[{"cmd":"pip install simpleeval","lang":"bash","label":"Install with pip"}],"dependencies":[],"imports":[{"symbol":"simple_eval","correct":"from simpleeval import simple_eval"},{"symbol":"SimpleEval","correct":"from simpleeval import SimpleEval"},{"note":"Recommended when allowing attribute access on strings/lists, e.g., 'text'.strip().","symbol":"BASIC_ALLOWED_ATTRS","correct":"from simpleeval import BASIC_ALLOWED_ATTRS"},{"note":"Use this class if you need to allow the creation of compound types like dicts, lists, or sets, and comprehensions.","symbol":"EvalWithCompoundTypes","correct":"from simpleeval import EvalWithCompoundTypes"}],"quickstart":{"code":"from simpleeval import simple_eval, SimpleEval\n\n# Basic evaluation\nresult1 = simple_eval(\"21 + 21\")\nprint(f\"Basic evaluation: {result1}\") # Expected: 42\n\n# Evaluation with custom names and functions\ns = SimpleEval(names={'x': 10, 'y': 5}, functions={'add_one': lambda val: val + 1})\nresult2 = s.eval(\"x * y + add_one(2)\")\nprint(f\"Custom evaluation: {result2}\") # Expected: 53 (10 * 5 + 3)\n\n# Allowing safe attribute access\nfrom simpleeval import BASIC_ALLOWED_ATTRS\ns_attrs = SimpleEval(names={'my_string': '  hello '}, 
allowed_attrs=BASIC_ALLOWED_ATTRS)\nresult3 = s_attrs.eval(\"my_string.strip().upper()\")\nprint(f\"Attribute access: {result3}\") # Expected: 'HELLO'","lang":"python","description":"Demonstrates basic expression evaluation using `simple_eval` and more advanced usage with the `SimpleEval` class, including custom variables, functions, and safe attribute access."},"warnings":[{"fix":"Upgrade your Python environment to 3.9 or higher, or pin simpleeval to a version below 1.0.0 (e.g., `pip install \"simpleeval<1.0.0\"`).","message":"SimpleEval 1.0.0 and later versions dropped support for Python versions prior to 3.9. If you need to support older Python environments, you must use an older version of SimpleEval.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Upgrade to simpleeval version 1.0.7 or later immediately. Carefully review any objects, functions, or modules you expose to the evaluator via `names` or `functions` parameters, ensuring they do not transitively expose dangerous functionality.","message":"A critical vulnerability (CVE-2026-32640) allows objects passed into SimpleEval to potentially leak dangerous modules (like `os` or `sys`) through attributes or callbacks, leading to sandbox escapes. This could allow an attacker to execute arbitrary code.","severity":"breaking","affected_versions":"<1.0.7"},{"fix":"While defaults are safe, be aware that you can modify `simpleeval.MAX_POWER`, `simpleeval.MAX_STRING_LENGTH`, or `simpleeval.MAX_COMPREHENSION_LENGTH` if your use case genuinely requires higher limits. Exercise caution as this increases DoS risk.","message":"The default configuration of SimpleEval limits the `**` (power) operator to prevent Denial-of-Service (DoS) attacks from extremely large calculations. 
Similarly, string and comprehension lengths are capped.","severity":"gotcha","affected_versions":"all"},{"fix":"If exponentiation is desired, you must explicitly replace the operator by modifying `s.operators[ast.BitXor] = simpleeval.safe_power` on a `SimpleEval` instance, or use the `**` operator.","message":"In Python, the `^` operator performs a bitwise XOR, not exponentiation. Users expecting `3 ^ 2` to yield 9 (like in some other languages) will get 1 (3 XOR 2).","severity":"gotcha","affected_versions":"all"},{"fix":"To allow safe attribute access, pass `allowed_attrs=BASIC_ALLOWED_ATTRS` to `SimpleEval`. For controlled module exposure, use `ModuleWrapper`. If you need to expose custom functions, wrap them carefully to avoid security pitfalls.","message":"By default, SimpleEval restricts access to object attributes (especially those starting with `_` or `func_`) and disallows sensitive built-in functions (e.g., `type`, `open`). Module access is also highly restricted.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-12T22:45:49.266Z","next_check":"2026-06-27T00:00:00.000Z","problems":[{"fix":"pip install simpleeval","cause":"The `simpleeval` library has not been installed in your Python environment or is not accessible.","error":"ModuleNotFoundError: No module named 'simpleeval'"},{"fix":"```python\nfrom simpleeval import SimpleEval\n\n# For variables\ns = SimpleEval(names={\"my_variable\": 10})\nresult = s.eval(\"my_variable + 5\")\nprint(result)\n\n# For functions\ndef my_custom_func(x):\n    return x * 2\n\ns = SimpleEval(functions={\"my_custom_func\": my_custom_func})\nresult = s.eval(\"my_custom_func(7)\")\nprint(result)\n```","cause":"The expression attempts to use a variable or function name (`my_variable`) that has not been explicitly provided or registered with the `SimpleEval` instance.","error":"simpleeval.InvalidExpression: Invalid name 'my_variable'"},{"fix":"```python\nfrom simpleeval import 
SimpleEval\n\ns = SimpleEval()\n# Corrected: ensure the expression is valid Python syntax\nresult = s.eval(\"(10 + 2) * 3\") # Example: user might have written \"(10 + 2 * 3\"\nprint(result)\n```","cause":"The string passed to `eval()` is not syntactically valid Python code, preventing `simpleeval` from parsing it.","error":"simpleeval.InvalidExpression: invalid syntax (<string>, line 1)"},{"fix":"```python\nfrom simpleeval import SimpleEval\n\ns = SimpleEval()\n\n# SimpleEval does not allow complex constructs like lambda functions.\n# Instead, define functions in Python and pass them to SimpleEval:\ndef calculate_discount(price, rate):\n    return price * (1 - rate)\n\ns.functions['calculate_discount'] = calculate_discount\nresult = s.eval('calculate_discount(100, 0.1)')\nprint(result) # Output: 90.0\n```","cause":"The expression contains a Python construct (like `lambda` functions, list comprehensions, or `import` statements) that `simpleeval` explicitly disallows for security and simplicity, as it only permits a restricted set of AST nodes.","error":"simpleeval.InvalidExpression: Invalid node type 'Lambda'"},{"fix":"Pass the required names or functions as dictionaries to the SimpleEval constructor to make them available within the evaluated expression.\n```python\nfrom simpleeval import SimpleEval\ns = SimpleEval(names={'x': 10, 'y': 20}, functions={'add': lambda a, b: a + b})\nresult = s.eval('add(x, y)')\n```","cause":"The expression attempted to use a variable or function name that was not explicitly passed to SimpleEval via its `names` or `functions` parameters, adhering to simpleeval's security model.","error":"NameError: name 'some_variable_or_function' is not defined"}],"ecosystem":"pypi","meta_description":null,"install_score":100,"install_tag":"verified","quickstart_score":null,"quickstart_tag":null,"pypi_latest":"1.0.7","cli_name":"","install_checks":{"last_tested":"2026-05-12","tag":"verified","tag_description":"installs cleanly on critical runtimes, 
fast import, recently tested","results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"17.9M"},{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"17.9M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.5,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"18M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"18M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1.3,"disk_size":"19.7M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.03,"mem_mb":1.3,"disk_size":"19.7M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.5,"import_time_s":0.02,"mem_mb":1.3,"disk_size":"20M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1.3,"disk_size":"20M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine 
(musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1,"disk_size":"11.6M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1,"disk_size":"11.6M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.4,"import_time_s":0.02,"mem_mb":1,"disk_size":"12M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1,"disk_size":"12M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1.3,"disk_size":"11.3M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1.3,"disk_size":"11.2M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.4,"import_time_s":0.02,"mem_mb":1.1,"disk_size":"12M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.02,"mem_mb":1.1,"disk_size":"12M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine 
(musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"17.4M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"17.4M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.7,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"18M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.01,"mem_mb":1.1,"disk_size":"18M"}]},"quickstart_checks":{"last_tested":"2026-04-24","tag":null,"tag_description":null,"results":[{"runtime":"python:3.10-alpine","exit_code":0},{"runtime":"python:3.10-slim","exit_code":0},{"runtime":"python:3.11-alpine","exit_code":0},{"runtime":"python:3.11-slim","exit_code":0},{"runtime":"python:3.12-alpine","exit_code":0},{"runtime":"python:3.12-slim","exit_code":0},{"runtime":"python:3.13-alpine","exit_code":0},{"runtime":"python:3.13-slim","exit_code":0},{"runtime":"python:3.9-alpine","exit_code":0},{"runtime":"python:3.9-slim","exit_code":0}]}}