
Plusminus 0.3.0

Pre-release
@ptmcg ptmcg released this 26 May 03:14
· 56 commits to master since this release
- Added syntax to clear a defined variable:

      a, b = 1, 2
      c = a + b    -> 3
      a =          -> clears variable a
      c = a + b    -> NameError

- Added support for nested sets, and better set display format.

      {{1, 2}, 99, 100}
      {99, 'z', 'a'} ∪ {'a', 't', 100} -> {99, 100, 'a', 't', 'z'}

- Set literals can be used as function arguments, if supported
  by the function.

      max({1, 2, 4})  -> 4
      min({1, 2, 4})  -> 1
      sin({1, 2, 4})  -> TypeError

- Added dict-like access API to set and get variables defined within
  a parser:

      for x in range(10):
          parser['x'] = x
          parser.evaluate("y = x * x")
          print(parser['y'])
          del parser['y']

- plusminus has been hardened against some possible attacks that use
  deep expression nesting or formula references:

  - To guard against expressions that are too deeply nested, a
    customizable maximum_expression_depth attribute has been added
    to parsers. Parsers customized with additional operators may need
    to limit the allowed depth. The default maximum depth is 6
    (reduced from 10 in 0.2.0).

        ((((((0)))))) -> 0
        (((((((0))))))) -> OverflowError: too deeply nested

    There is also a maximum_set_depth attribute for nested sets,
    which also defaults to 6.

  - A similar performance issue can arise if a formula chains
    to another formula, which chains to another, and so on, too deeply.

        a @= b + b
        b @= c + c
        c @= d + d
        ...
        m @= n + n -> OverflowError: function variables nested too deeply

    A customizable parser attribute maximum_formula_depth will limit the number
    of formula indirections. The default value is 12.

  - An attack may try to define too many variables and crash an application
    by consuming excessive memory. Limits on the number of variables and
    their respective memory usage were previously hard-coded. These are now
    part of the public API for parsers: max_number_of_vars (default = 1000)
    and max_var_memory (default = 10MB).
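
The nesting and formula-chain limits above, as an added toy model in Python (not plusminus code; every function and class name here is hypothetical). It shows why a short chain of `x @= y + y` formulas is expensive: each level doubles the number of lookups, so a depth cap bounds the work.

```python
# Added illustration; a toy model, not plusminus code. All names are hypothetical.
MAX_EXPRESSION_DEPTH = 6   # default quoted in the release notes
MAX_FORMULA_DEPTH = 12     # default quoted in the release notes


def check_nesting(expr, limit=MAX_EXPRESSION_DEPTH):
    """Reject input before parsing if parentheses nest deeper than limit."""
    depth = 0
    for ch in expr:
        if ch == "(":
            depth += 1
            if depth > limit:
                raise OverflowError("too deeply nested")
        elif ch == ")":
            depth = max(depth - 1, 0)
    return expr


class FormulaTable:
    """Formulas are kept unevaluated as lists of names to sum (a @= b + b)."""

    def __init__(self, max_depth=MAX_FORMULA_DEPTH):
        self.formulas = {}   # name -> list of referenced names
        self.values = {}     # name -> plain number
        self.max_depth = max_depth
        self.lookups = 0     # work counter, to make the cost visible

    def evaluate(self, name, depth=0):
        self.lookups += 1
        if name in self.values:
            return self.values[name]
        if depth >= self.max_depth:
            raise OverflowError("function variables nested too deeply")
        return sum(self.evaluate(ref, depth + 1) for ref in self.formulas[name])


def doubling_chain(length, max_depth=MAX_FORMULA_DEPTH):
    """Build v0 @= v1 + v1, v1 @= v2 + v2, ... ending in the value v<length> = 1."""
    table = FormulaTable(max_depth)
    for i in range(length):
        table.formulas[f"v{i}"] = [f"v{i + 1}"] * 2
    table.values[f"v{length}"] = 1
    return table


if __name__ == "__main__":
    t = doubling_chain(10)
    print(t.evaluate("v0"), t.lookups)   # 10 short formulas, 2047 lookups
```

In this model a chain of 12 formulas still evaluates, while a 13th level is rejected after 13 lookups instead of being allowed to double the work again.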