Should I use eval() to run the calculations or use something else?
eval() is not a safe method. It is recommended to NOT be used at all because of security issues.
Anytime you're dealing with user-inputted data (like from the API you are to build) you could be opening yourself up to a code injection vulnerability where you let an attacker run arbitrary code in your application.
eval is one of the easiest paths to letting this happen because it evaluates code for you. If you're taking user-entered values and passing them through eval at some point, you could open your app up to attacks. It could be somewhat harmless like the attacker turning your server off, or even vastly more malicious like hijacking your application's computation resources to mine bitcoin and/or spam people.
The user input will be nothing more than a number and a unit (gal, etc.), for valid inputs. So, what do you expect eval to do on this input? I suspect you are overthinking the user stories.
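An eval-free way to handle the number-plus-unit input both answers describe, added here as an example (not code from the thread or its author); the unit list, the default of 1 when no number is given, and the conversion factors are assumptions:

```javascript
// Added example, not from the thread. Parses "<number><unit>" input with a
// regular expression and a unit whitelist; nothing the user types is executed.
// Assumptions: the unit set below, "1" when the number is omitted, these factors.
const UNITS = { gal: 'L', L: 'gal', lbs: 'kg', kg: 'lbs', mi: 'km', km: 'mi' };
const FACTORS = {
  gal: 3.78541, L: 1 / 3.78541,
  lbs: 0.453592, kg: 1 / 0.453592,
  mi: 1.60934, km: 1 / 1.60934,
};

// Optional decimal or simple fraction (e.g. "3", "3.5", "1/2"), then letters.
// Operators, parentheses and other code-like characters never match.
const INPUT_RE = /^(\d*\.?\d+(?:\/\d*\.?\d+)?)?([a-zA-Z]+)$/;

function normalizeUnit(raw) {
  const lower = raw.toLowerCase();
  const unit = lower === 'l' ? 'L' : lower;   // litres are conventionally uppercase
  // hasOwnProperty, not `in`: `in` would accept prototype names like "constructor"
  return Object.prototype.hasOwnProperty.call(UNITS, unit) ? unit : null;
}

function parseMeasurement(input) {
  const m = INPUT_RE.exec(String(input).trim());
  if (!m) return null;                        // rejects "2+2gal", "(1)gal", etc.
  const [, numPart = '1', unitPart] = m;
  const unit = normalizeUnit(unitPart);
  if (!unit) return null;                     // unit not on the whitelist
  let value;
  if (numPart.includes('/')) {
    const [num, den] = numPart.split('/').map(Number);
    if (den === 0) return null;               // avoid Infinity from "1/0gal"
    value = num / den;
  } else {
    value = Number(numPart);
  }
  return { value, unit };
}

function convert(input) {
  const parsed = parseMeasurement(input);
  if (!parsed) return null;
  const { value, unit } = parsed;
  return {
    initNum: value,
    initUnit: unit,
    returnNum: Number((value * FACTORS[unit]).toFixed(5)),
    returnUnit: UNITS[unit],
  };
}
```

Because the regex only ever yields digits, a dot, a slash and letters, the number is built with `Number()` and plain division; there is no code path where the raw string reaches an interpreter.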
Thank You all for responding to my inquiry.
As I continued working on the project, I realized I didn’t have to use eval since there were no complex calculating algorithms needed to be written.
But, at least, this post confirms that eval shouldn’t be used because it causes vulnerabilities.