Last active
April 18, 2024 02:51
#Fixed math, the universe and everything in between ! Serverless compatible Math-Only JavaScript EVAL ! Introducing math eval - A math only eval that can actually calculate numbers unlike python and javascript lol, and does not require any library
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
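/**
 * Evaluate a flat arithmetic expression without handing the string to the
 * JavaScript engine (debug build: logs every result, optional eval self-test).
 *
 * Accepted input: decimal numbers joined by `+`, `-`, `*` and `/`, with an
 * optional leading sign. All whitespace is removed before parsing, so digits
 * separated only by spaces are read as one number. Anything else (parentheses,
 * identifiers, exponent notation, a dangling operator, a sign directly after
 * an operator, an empty string) is rejected up front instead of falling
 * through to a failed operator lookup or a silently wrong number.
 *
 * `*` and `/` bind tighter than `+` and `-`; operators of equal precedence are
 * applied left to right.
 *
 * @param {string} str - Expression such as `"15 * 1000"`.
 * @returns {number} The result, rounded to 15 decimal places.
 * @throws {TypeError} If `str` is not a string or is not a supported
 *   expression. TypeError is kept because that is what malformed input such as
 *   `"a + a"` already raised through the failed operator lookup.
 */
const evalMath = (str) => {
  if (typeof str !== 'string') {
    throw new TypeError('evalMath: expression must be a string');
  }

  // A Map has no prototype chain to fall back on, so a token such as
  // "constructor" can never resolve to an inherited function.
  const operatorToFunction = new Map([
    ['+', (a, b) => a + b],
    ['-', (a, b) => a - b],
    ['*', (a, b) => a * b],
    ['/', (a, b) => a / b],
  ]);

  const operationStr = str.replace(/\s/g, '');

  // Allowlist grammar: [sign] number (operator number)*. Each alternative is
  // unambiguous, so a long invalid string cannot cause heavy backtracking.
  const wellFormed = /^[-+]?(?:\d+(?:\.\d*)?|\.\d+)(?:[-+*/](?:\d+(?:\.\d*)?|\.\d+))*$/;
  if (!wellFormed.test(operationStr)) {
    throw new TypeError(`evalMath: unsupported expression ${JSON.stringify(str)}`);
  }

  const tokens = operationStr.match(/\d+(?:\.\d*)?|\.\d+|[-+*/]/g);
  // A leading sign is evaluated as "0 <sign> x", as the original split did.
  const numbers = operatorToFunction.has(tokens[0]) ? [0] : [];
  const operators = [];
  for (const token of tokens) {
    if (operatorToFunction.has(token)) {
      operators.push(token);
    } else {
      numbers.push(Number(token));
    }
  }

  // First pass: fold every `*` and `/` into the term on its left.
  const terms = [numbers[0]];
  const additiveOperators = [];
  operators.forEach((operator, index) => {
    const operand = numbers[index + 1];
    if (operator === '*' || operator === '/') {
      const last = terms.length - 1;
      terms[last] = operatorToFunction.get(operator)(terms[last], operand);
    } else {
      additiveOperators.push(operator);
      terms.push(operand);
    }
  });

  // Second pass: apply the remaining `+` and `-` left to right.
  const result = additiveOperators.reduce(
    (total, operator, index) => operatorToFunction.get(operator)(total, terms[index + 1]),
    terms[0],
  );

  // Rounding to 15 decimals is what makes 3.3-2.1 come out as 1.2. parseFloat
  // already ignores trailing zeros; trimming them by hand corrupted
  // exponent-form strings ("1.5e+30" lost the final 0 and parsed as 1500).
  const finalResult = parseFloat(result.toFixed(15));

  // test: (compares itself to eval)
  const DEBUG = true;
  if (DEBUG) {
    const PERFORM_TEST = false; // <<<<< enable this
    if (!PERFORM_TEST) {
      console.log(str, '=', finalResult);
    } else {
      const ONLY_SHOW_INVALID = false;
      try {
        // SECURITY: eval executes its argument as JavaScript. It is reached
        // only after the grammar check above, so `str` holds nothing but
        // digits, dots, whitespace and the four operators. Keep this branch
        // for local verification and leave PERFORM_TEST off in anything that
        // ships; bundlers also warn on direct eval.
        const evalResult = eval(str);
        const finalEvalResult = parseFloat(evalResult.toFixed(15));
        const isValid = finalResult === finalEvalResult;
        if (ONLY_SHOW_INVALID) {
          if (!isValid) console.log(str, '=', finalResult, 'Invalid: ' + finalEvalResult);
        } else {
          console.log(str, '=', finalResult, "Is Valid?", isValid, isValid ? 'Valid' : 'Invalid: ' + finalEvalResult);
        }
      } catch (e) {
        console.warn("Eval Error:", str, e.message);
      }
    }
  }
  // you can remove the test (which uses eval to verify itself) ^^
  return finalResult;
};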
// Sample expressions, evaluated in the listed order. `example` only ever holds
// the most recent return value; the results become visible through the
// console.log inside the debug build of evalMath.
let example;
[
  '1 + 1',
  '4 - 1',
  '2 * 5',
  '16 / 4',
  '1 + 1 + 2',
  '4 - 1 - 2',
  '15 * 1000 * 2 / 2 * 2',
  '1 + 15 * 1000 * 2 / 2 * 2',
  '15 * 1000 * 2 / 2 * 2 + 1',
  '16 / 4 / 2',
  '5 * 5',
  '10 / 2',
  '3 + 5 * 2',
  '3 * 5 + 2',
  '10 - 3 * 2 + 5',
  '10 - 3 * 2',
  '3 * 2 + 5',
  '2 * 3 + 5 * 4',
  // '2 * (3 + 5)', // Error
  // 'a + a', // Error
  // 'b', // Error
  '0',
  '20',
  '-10 + 10',
  '-10 + 12',
  '10 - 15',
  // '1-', // Error
  '-1',
  '10 / 3',
  '1+1+1*2+1+1+1',
  '2.5 * 5',
  '1.5 + 1.5',
  '4.5 - 1.2',
  '2.3 * 2.5',
  '16.8 / 4.2',
  '1.1 + 1.2 + 2.3',
  '4.5 - 1.2 - 2.1',
  '15.25 * 100.5 * 2.2 / 2.5 * 2.5',
  '1.1 + 15.5 * 100.25 * 2.2 / 2.1 * 2.1',
  '15.5 * 1000.2 * 2.1 / 2.5 * 2.5 + 1.5',
  '16.5 / 4.5 / 2.5',
  '5.5 * 5.5',
  '10.5 / 2.5',
  '3.5 + 5.5 * 2.5',
  '3.2 * 5.5 + 2.5',
  '10.5 - 3.2 * 2.5 + 5.5',
  '10.5 - 3.2 * 2.5',
  '3.5 * 2.5 + 5.5',
  '2.1 * 3.5 + 5.5 * 4.5',
  '2.5 * 5.2',
  '0.1',
  '20.2',
  '-10.5 + 10.5',
  '-10.5 + 12.2',
  '10.5 - 15.5',
  // '1.1-', // Error
  '-1.1',
  '10.5 / 3.5',
  '1.2+1.3+1.5*2.5+1.7+1.8+1.9',
].forEach((expression) => {
  example = evalMath(expression);
});
// Bare string so a devTools console shows it as the final completion value.
"Finished"
Clean version:
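/**
 * Evaluate a flat arithmetic expression without handing the string to the
 * JavaScript engine.
 *
 * Accepted input: decimal numbers joined by `+`, `-`, `*` and `/`, with an
 * optional leading sign. All whitespace is removed before parsing, so digits
 * separated only by spaces are read as one number. Anything else (parentheses,
 * identifiers, exponent notation, a dangling operator, a sign directly after
 * an operator, an empty string) is rejected up front instead of falling
 * through to a failed operator lookup or a silently wrong number.
 *
 * `*` and `/` bind tighter than `+` and `-`; operators of equal precedence are
 * applied left to right.
 *
 * @param {string} str - Expression such as `"15 * 1000"`.
 * @returns {number} The result, rounded to 15 decimal places.
 * @throws {TypeError} If `str` is not a string or is not a supported
 *   expression. TypeError is kept because that is what malformed input such as
 *   `"a + a"` already raised through the failed operator lookup.
 */
const evalMath = (str) => {
  if (typeof str !== 'string') {
    throw new TypeError('evalMath: expression must be a string');
  }

  // A Map has no prototype chain to fall back on, so a token such as
  // "constructor" can never resolve to an inherited function.
  const operatorToFunction = new Map([
    ['+', (a, b) => a + b],
    ['-', (a, b) => a - b],
    ['*', (a, b) => a * b],
    ['/', (a, b) => a / b],
  ]);

  const operationStr = str.replace(/\s/g, '');

  // Allowlist grammar: [sign] number (operator number)*. Each alternative is
  // unambiguous, so a long invalid string cannot cause heavy backtracking.
  const wellFormed = /^[-+]?(?:\d+(?:\.\d*)?|\.\d+)(?:[-+*/](?:\d+(?:\.\d*)?|\.\d+))*$/;
  if (!wellFormed.test(operationStr)) {
    throw new TypeError(`evalMath: unsupported expression ${JSON.stringify(str)}`);
  }

  const tokens = operationStr.match(/\d+(?:\.\d*)?|\.\d+|[-+*/]/g);
  // A leading sign is evaluated as "0 <sign> x", as the original split did.
  const numbers = operatorToFunction.has(tokens[0]) ? [0] : [];
  const operators = [];
  for (const token of tokens) {
    if (operatorToFunction.has(token)) {
      operators.push(token);
    } else {
      numbers.push(Number(token));
    }
  }

  // First pass: fold every `*` and `/` into the term on its left.
  const terms = [numbers[0]];
  const additiveOperators = [];
  operators.forEach((operator, index) => {
    const operand = numbers[index + 1];
    if (operator === '*' || operator === '/') {
      const last = terms.length - 1;
      terms[last] = operatorToFunction.get(operator)(terms[last], operand);
    } else {
      additiveOperators.push(operator);
      terms.push(operand);
    }
  });

  // Second pass: apply the remaining `+` and `-` left to right.
  const result = additiveOperators.reduce(
    (total, operator, index) => operatorToFunction.get(operator)(total, terms[index + 1]),
    terms[0],
  );

  // Rounding to 15 decimals is what makes 3.3-2.1 come out as 1.2. parseFloat
  // already ignores trailing zeros; trimming them by hand corrupted
  // exponent-form strings ("1.5e+30" lost the final 0 and parsed as 1500).
  return parseFloat(result.toFixed(15));
};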
Important notes:
- If you define `operatorToFunction` outside the scope of `executeOperation`, sometimes you will get `can not access operatorToFunction before initialization` when testing in the devTools.
- Unless the `.` is filtered, the operators read it as an operator.
- Unless the result is fixed to 15 decimal points, `3.3-2.1` does not equal 1.2.
- To prevent the extra zeros after the decimal caused by fixing to 15 decimal points, the third loop is needed.
- To prevent cases where a `.` is all that remains after removing all zeros, the extra slice is needed at the end.
- To support multiple operations the `...` is needed.
Best use case:
Best used when setting up build-time math-only evals, for example rate limits, and NOT for user input
Fixes this eval scenario for example:
// Rate-limit table keyed by limit type. Keys under `custom` are strings; the
// loop below rewrites only the ones that contain an arithmetic operator.
const RATE_LIMITS = {
  IP: {
    // perSecond: 1,
    // perMinute: 1,
    // perHour: 2,
    // perDay: 6,
    // perWeek: 8,
    // perMonth: 10,
    // perYear: 100,
    custom: {
      '15 * 1000': 1, // allowed up to 1 request per 15 seconds
      '30 * 1000': 1, // allowed up to 1 request per 30 seconds
      '15000': 1, // allowed up to 1 request per 15 seconds
      '2 minutes': 1, // allowed up to 1 request per 2 minutes
      '1 minute': 1, // allowed up to 1 request per 1 minutes
      '1 second': 1, //
      '0.5 years': 1, //
      '0.5 seconds': 1, //
      '1 hour and 30 minutes': 1, //
      '90 minutes': 1, //
    },
  },
  Email: {
    perSecond: 1,
    perMinute: 1,
    perHour: 2,
    perDay: 3,
    perWeek: 4,
    perMonth: 5,
    perYear: 50,
  },
};

// Replace each arithmetic key ("15 * 1000") with its computed value ("15000").
for (const limit in RATE_LIMITS) {
  const custom = RATE_LIMITS[limit].custom;
  if (!custom) continue;

  for (const customLimit in custom) {
    // Only keys containing +, -, * or / are treated as expressions.
    if (!/[-+*/]/.test(customLimit)) continue;

    // SECURITY: eval runs the key as JavaScript. The keys here are literals
    // written in this file; this is the call the page proposes to swap for
    // evalMath, and it must not be fed keys that come from outside the build.
    const newLimit = eval(customLimit); // simply replace with evalMath
    console.log(newLimit, customLimit);

    const limitCount = custom[customLimit];
    delete custom[customLimit];

    // NOTE(review): this is a truthiness check, so an existing entry whose
    // count is 0 would be treated as absent and overwritten.
    if (custom[newLimit]) {
      // The expression key is already deleted at this point, so on a
      // collision ("15 * 1000" vs "15000") only the existing entry survives.
      console.warn("Time Limit Already Exist:", newLimit, customLimit, limit);
      continue;
    }
    custom[newLimit] = limitCount;
  }
}
console.log(RATE_LIMITS); // This simply replaced the 15 * 1000 with 15000 for example
It's important to understand the risks of using `eval` in JavaScript, especially when dealing with user input or dynamically generated code. `eval` runs JavaScript code represented as a string, which poses significant security risks if the input is not carefully sanitized.
1. Security Risks:
Code Injection: Since `eval` executes any code passed to it, it's vulnerable to code injection attacks. Malicious users can exploit this to execute arbitrary code within your application, leading to security breaches, data leaks, or even complete system compromise.
Cross-Site Scripting (XSS): If user input is directly fed into `eval`, it can execute scripts injected into the application by attackers. This can result in unauthorized access to sensitive data or the ability to perform actions on behalf of the user.
2. Bundler Warnings:
Many modern JavaScript bundlers, such as Webpack or Wrangler, emit warnings when `eval` is used directly. These warnings serve as a reminder of the potential risks associated with using `eval` and encourage developers to adopt safer alternatives.
▲ [WARNING] Using direct eval with a bundler is not recommended and may cause problems [direct-eval]
3. Alternatives:
Instead of using `eval`, consider alternative approaches such as:
Parser Libraries: Use parser libraries like `math.js` or `expr-eval` to parse and evaluate mathematical expressions safely. These libraries provide functionalities similar to `eval` but with built-in security measures to prevent code injection.
Use my solution instead: mathEval is at your service, feel free to thank me below if you're using it, it means a lot to me.
`new Function()`: this executes a string as code just like `eval`; do not use it either.
In scenarios where you must evaluate mathematical expressions dynamically, it's crucial to ensure that the evaluation is restricted to mathematical operations only and doesn't expose your application to security vulnerabilities. Even in such cases, weigh the risks carefully and implement additional security measures to mitigate potential threats.
4. Cloudflare Workers Pages:
The warning I had in Cloudflare Workers Pages highlights the risks of using direct `eval`. While `eval` may seem like a convenient solution for evaluating dynamic code, its risks often outweigh its benefits, especially in scenarios involving user input or serverless environments. Always prioritize security and prefer safer alternatives to `eval` whenever possible.