Dangers of the pyton eval() statement

Posted by LukeP on Super User See other posts from Super User or by LukeP
Published on 2014-08-19T20:53:22Z Indexed on 2014/08/19 22:23 UTC
Read the original article Hit count: 207

Filed under:
|
|

I am creating a game.

Specifically it is a pokemon battle simulator.

I have an sqlite database of moves in which a row looks something like:

name  |  type  |  Power  |  Accuracy  |  PP  |  Description

However, there are some special moves. For said special moves, their damage (and other attributes not shown above, like status effects) may be dependant on certian factors.

Rather than create a huge if/else in one of my classes covering the formulas for every one of these moves. I'd rather include another column in the DB that contains a formula in string form, like 'self.health/2'(simplified example). I could then just plug that into eval.

I always see people saying to stay away from eval, but from what I can tell, this would be considered an acceptable use, as the dangers of eval only come into play when accepting user input. Am I correct in this assumption, or is there somthing i'm not seeing.

© Super User or respective owner

Related posts about security

Related posts about python