From 91061752cf36116bfe1da21fb542e19cf32d2486 Mon Sep 17 00:00:00 2001
From: Bryan Stitt <bryan@uber.com>
Date: Mon, 11 Nov 2013 22:03:20 -0800
Subject: [PATCH] stop using eval

---
 electrum          |    4 ++--
 gui/qt/console.py |    4 ++++
 lib/blockchain.py |   11 +++++------
 lib/commands.py   |    4 ++--
 lib/util.py       |    3 +++
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/electrum b/electrum
index 56c8438..b082782 100755
--- a/electrum
+++ b/electrum
@@ -100,7 +100,7 @@ def print_help_cb(self, opt, value, parser):
 
 def run_command(cmd, password = None, args = []):
     cmd_runner = Commands(wallet, network)
-    func = eval('cmd_runner.' + cmd)
+    func = getattr(cmd_runner, cmd)
     cmd_runner.password = password
     try:
         result = func(*args[1:])
@@ -126,7 +126,7 @@ if __name__ == '__main__':
     if is_android:
         config_options = {'portable':True, 'verbose':True, 'gui':'android', 'auto_cycle':True}
     else:
-        config_options = eval(str(options))
+        config_options = vars(options)
         for k, v in config_options.items():
             if v is None: config_options.pop(k)
 
diff --git a/gui/qt/console.py b/gui/qt/console.py
index 76ca4c0..e7d05e9 100644
--- a/gui/qt/console.py
+++ b/gui/qt/console.py
@@ -39,6 +39,8 @@ class Console(QtGui.QPlainTextEdit):
     def run_script(self, filename):
         with open(filename) as f:
             script = f.read()
+
+        # eval is generally considered bad practice. use it wisely!
         result = eval(script, self.namespace, self.namespace)
 
 
@@ -209,6 +211,7 @@ class Console(QtGui.QPlainTextEdit):
             sys.stdout = stdoutProxy(self.appendPlainText)
             try:
                 try:
+                    # eval is generally considered bad practice. use it wisely!
                     result = eval(command, self.namespace, self.namespace)
                     if result != None:
                         if self.is_json:
@@ -216,6 +219,7 @@ class Console(QtGui.QPlainTextEdit):
                         else:
                             self.appendPlainText(repr(result))
                 except SyntaxError:
+                    # exec is generally considered bad practice. use it wisely!
                     exec command in self.namespace
             except SystemExit:
                 self.close()
diff --git a/lib/blockchain.py b/lib/blockchain.py
index 08461d0..484b29b 100644
--- a/lib/blockchain.py
+++ b/lib/blockchain.py
@@ -18,7 +18,7 @@
 
 
 import threading, time, Queue, os, sys, shutil
-from util import user_dir, appdata_dir, print_error
+from util import user_dir, appdata_dir, print_error, hex_to_int
 from bitcoin import *
 
 
@@ -118,7 +118,7 @@ class Blockchain(threading.Thread):
             try:
                 assert prev_hash == header.get('prev_block_hash')
                 assert bits == header.get('bits')
-                assert eval('0x'+_hash) < target
+                assert hex_to_int(_hash) < target
             except Exception:
                 return False
 
@@ -149,7 +149,7 @@ class Blockchain(threading.Thread):
             _hash = self.hash_header(header)
             assert previous_hash == header.get('prev_block_hash')
             assert bits == header.get('bits')
-            assert eval('0x'+_hash) < target
+            assert hex_to_int(_hash) < target
 
             previous_header = header
             previous_hash = _hash 
@@ -175,7 +175,7 @@ class Blockchain(threading.Thread):
         try:
             assert prev_hash == header.get('prev_block_hash')
             assert bits == header.get('bits')
-            assert eval('0x'+_hash) < target
+            assert hex_to_int(_hash) < target
         except Exception:
             # this can be caused by a reorg.
             print_error("verify header failed"+ repr(header))
@@ -200,7 +200,6 @@ class Blockchain(threading.Thread):
 
 
     def header_from_string(self, s):
-        hex_to_int = lambda s: eval('0x' + s[::-1].encode('hex'))
         h = {}
         h['version'] = hex_to_int(s[0:4])
         h['prev_block_hash'] = hash_encode(s[4:36])
@@ -306,7 +305,7 @@ class Blockchain(threading.Thread):
             c = c[2:]
             i -= 1
 
-        c = eval('0x'+c[0:6])
+        c = hex_to_int(c[0:6])
         if c > 0x800000: 
             c /= 256
             i += 1
diff --git a/lib/commands.py b/lib/commands.py
index f34c10a..f59b5d8 100644
--- a/lib/commands.py
+++ b/lib/commands.py
@@ -112,8 +112,8 @@ class Commands:
         cmd = known_commands[method]
         if cmd.requires_password and self.wallet.use_encryption:
             self.password = apply(password_getter,())
-        f = eval('self.'+method)
-        result = apply(f,args)
+        f = getattr(self, method)
+        result = f(*args)
         self.password = None
         if self._callback:
             apply(self._callback, ())
diff --git a/lib/util.py b/lib/util.py
index b719fed..476f60b 100644
--- a/lib/util.py
+++ b/lib/util.py
@@ -5,6 +5,9 @@ from datetime import datetime
 is_verbose = True
 
 
+def hex_to_int(s):
+    return int('0x' + s[::-1].encode('hex'), 16)
+
 
 class MyEncoder(json.JSONEncoder):
     def default(self, obj):
-- 
1.7.1