Giters

GurpreetKang / BitwardenDecrypt

Decrypts an encrypted Bitwarden data.json file.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Reason for `ast.literal_eval`?

GurpreetKang opened this issue Β· comments

commented

Issue #1 was originally created by @irgeek, but was accidentally deleted by me. πŸ™

BitwardenDecrypt/BitwardenDecrypt.py

Line 279 in 4751d60

groupData = json.loads(json.dumps(datafile[a]))

I noticed while perusing the code that you seem to be turning parts of the already-decoded JSON into string and evaluating them as Python with the ast.literal_eval method. What's the reason for this? It's common practice to avoid eval whenever possible, and this specific usage appears to do nothing more than inefficiently copy a data structure.

commented

Hi @irgeek,

Honestly, I don't remember the reason. I originally wrote this very late one night and I was getting an error and using ast.literal_eval fixed it so I moved on to other issues that were causing decryption to fail. I have since re-wrote most of the script but I never revisited this. I don't think ast.literal_eval has the same concerns as eval though so I don't think it's a concern.

I should change this to:
groupData = json.loads(json.dumps(datafile[a]))

I'll make the change on my next commit. Thanks for catching this. πŸ™‚

commented

Fixed in 4751d60.