Eval hack
QuantumCodes

Can someone hack this? Hack = reveal the secret (environment variables); variable "y" has the secret.

If you can, say the secret and please say how to fix that too.
Can I safely use this?

Comments
Coder100

environment variables are only set by those that have multiplayer access to the repl or made the repl.

In other words, if you can't edit the repl, the environment variables are hidden.

QuantumCodes

@Coder100 I should have given more context. I am going to use eval() in a Discord bot to let users calculate math expressions. I don't want anyone to find out the bot's token (in an environment variable) by using something like

!calc 1+1 #expected command
!calc print(token) #vulnerability
MrVoo

@QuantumCodes Just use in to find words like "print", "import", or "token". You probably need more words than that though

QuantumCodes

@MrVoo yea

Coder100
QuantumCodes

@Coder100 ast.literal_eval should help..

MrVoo

Nobody else can even run the project (as of now), so it seems safe to me

QuantumCodes
Debarchito

I do think they are safe to use. Like, everyone uses them! Feel free!

QuantumCodes