Reason for `ast.literal_eval`?
GurpreetKang opened this issue Β· comments
Issue #1 was originally created by @irgeek, but was accidentally deleted by me. π
BitwardenDecrypt/BitwardenDecrypt.py
Line 279 in 4751d60
I noticed while perusing the code that you seem to be turning parts of the already-decoded JSON into string and evaluating them as Python with the ast.literal_eval method. What's the reason for this? It's common practice to avoid eval whenever possible, and this specific usage appears to do nothing more than inefficiently copy a data structure.
Hi @irgeek,
Honestly, I don't remember the reason. I originally wrote this very late one night and I was getting an error and using ast.literal_eval
fixed it so I moved on to other issues that were causing decryption to fail. I have since re-wrote most of the script but I never revisited this. I don't think ast.literal_eval
has the same concerns as eval
though so I don't think it's a concern.
I should change this to:
groupData = json.loads(json.dumps(datafile[a]))
I'll make the change on my next commit. Thanks for catching this. π
Fixed in 4751d60.