@zeffii
Forked from anonymous/eval_node.md
Last active November 26, 2015 06:59

Eval Node

nickname: Eval Knieval Node (EK)

  • Warning
  • Introduction
  • Modes & Examples

Warning

EK can run untrusted code -- if you let it. Untrusted code could start deleting files from your hard drive or send information about you in an unauthorized way.

  • Yes that is scary.
  • Yes that is possible.
  • No we don't want that to happen to you.
  • Yes it can be prevented.

We hope this has scared you a little, and we also hope to explain what's really going on and why we still need this node. If you've never heard the terms Eval or Exec, they are ways to get Python (in this case) to run code from strings.

For example:

    >>> print('hello earthlings')
    hello earthlings

    >>> exec("print('hello earthlings')")
    hello earthlings

    >>> 3 + 4
    7

    >>> eval('3 + 4')
    7

Notice that the code being executed is a string in both the exec and eval cases. It is essential that we have this ability: it allows us to run arbitrary code that is generated dynamically or wasn't included in the program before it was started.

As developers of Sverchok we are comfortable with having this feature, but want to warn you about the potential for havoc that including the node presents. We choose to educate users on why the node is dangerous in the wrong hands. We also want to make you aware of the steps we take to prevent accidental execution of untrusted code.

Disclaimer: ..no warranty, damages, use at own risk, this is GPL.

We've put some roadblocks in place to prevent .blends containing a Sverchok node tree from doing any calculating until the tree is inspected (this is an automated process). We inspect the tree and detect nodes which internally use Eval and Exec. If such nodes are found, we switch you to a safe mode where you must explicitly allow Sverchok to run untrusted source.

Not everyone is evil, and we use these nodes ourselves daily, so we have convenience preferences. The easiest way to make it safe for new users yet convenient for regular users is to have a trusted directory system. Any files in this directory are deemed safe and won't invoke the warning system. Files outside this directory will always present a warning. This directory is not set up by default.
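A sketch of the safe-mode decision described in the two paragraphs above, added here as an illustration and not Sverchok's own code. The node type names and function names are hypothetical; the point it shows is that the trusted-directory test has to compare resolved paths, not string prefixes.

```python
import os

# Hypothetical identifiers for nodes that call eval/exec internally;
# the real Sverchok node names are not given on this page.
UNSAFE_NODE_TYPES = {"HypotheticalEvalNode", "HypotheticalScriptNode"}


def is_in_trusted_dir(blend_path, trusted_dir):
    """True only if blend_path resolves to a location inside trusted_dir."""
    if not trusted_dir:
        # No trusted directory configured (the default): nothing is trusted.
        return False
    # realpath collapses ".." segments and resolves symlinks, so a file
    # reached through a link is judged by where it really lives.
    real_file = os.path.realpath(blend_path)
    real_root = os.path.realpath(trusted_dir)
    try:
        # commonpath compares whole path components, so "/x/trusted_evil"
        # is not mistaken for a child of "/x/trusted" the way a
        # str.startswith() prefix check would.
        return os.path.commonpath([real_file, real_root]) == real_root
    except ValueError:
        # Raised for paths on different drives, or mixed absolute/relative.
        return False


def should_enter_safe_mode(node_types, blend_path, trusted_dir):
    """Decide whether the tree must stay frozen until the user allows it."""
    uses_eval = any(t in UNSAFE_NODE_TYPES for t in node_types)
    return uses_eval and not is_in_trusted_dir(blend_path, trusted_dir)


if __name__ == "__main__":
    # Constructed sample: a tree with one eval-style node, opened from
    # inside and from outside a constructed trusted directory.
    tree = ["HypotheticalMathNode", "HypotheticalEvalNode"]
    trusted = "/tmp/ek_demo/trusted"
    for path in ("/tmp/ek_demo/trusted/a.blend",
                 "/tmp/ek_demo/trusted_evil/a.blend",
                 "/tmp/ek_demo/trusted/../downloads/a.blend"):
        print(path, "-> safe mode:", should_enter_safe_mode(tree, path, trusted))
```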

more later.
