From fca2b8cd07a0929fb5a0368522f11a061d03e52e Mon Sep 17 00:00:00 2001
From: Marius Wachtler <undingen@gmail.com>
Date: Fri, 24 Oct 2025 14:29:35 -0500
Subject: [PATCH] harden eval: prevent the calc tool from accessing globals and
 locals By passing empty globals() and locals() to eval() we can prevent
 simple malicious cases where the user gets the model to output something like

```<global variable/func> or "a".count("a")```
e.g.
```signal.raise_signal(9) or "a".count("a")``` which would kill the process.
or one could maybe get it to output secrets etc.

I think to make it 100% secure one would need to parse the AST and only execute secure nodes but this should make it much more robust.
---
 nanochat/engine.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nanochat/engine.py b/nanochat/engine.py
index fee06a1..77530c5 100644
--- a/nanochat/engine.py
+++ b/nanochat/engine.py
@@ -37,7 +37,7 @@ def eval_with_timeout(formula, max_time=3):
         with timeout(max_time, formula):
             with warnings.catch_warnings():
                 warnings.simplefilter("ignore", SyntaxWarning)
-                return eval(formula)
+                return eval(formula, {"__builtins__": {}}, {})
     except Exception as e:
         signal.alarm(0)
         # print(f"Warning: Failed to eval {formula}, exception: {e}") # it's ok ignore wrong calculator usage