tacit/nanochat
1
0
Fork 0
mirror of https://github.com/karpathy/nanochat.git synced 2025-12-06 04:12:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use empty locals and globals in call to eval() in engine tool use

Browse Source 
harden eval: prevent the calc tool from accessing globals and locals
This commit is contained in:
Andrej 2025-11-01 07:22:59 -07:00 committed by GitHub
commit 630f54ae5a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nanochat/engine.py
View File

@ -37,7 +37,7 @@ def eval_with_timeout(formula, max_time=3):
with timeout(max_time, formula): with timeout(max_time, formula):
with warnings.catch_warnings(): with warnings.catch_warnings():
warnings.simplefilter("ignore", SyntaxWarning) warnings.simplefilter("ignore", SyntaxWarning)
return eval(formula) return eval(formula, {"__builtins__": {}}, {})
except Exception as e: except Exception as e:
signal.alarm(0) signal.alarm(0)
# print(f"Warning: Failed to eval {formula}, exception: {e}") # it's ok ignore wrong calculator usage # print(f"Warning: Failed to eval {formula}, exception: {e}") # it's ok ignore wrong calculator usage