From e5e3016394918b2c7e0a0963386e7c6f977d9426 Mon Sep 17 00:00:00 2001 From: John Wiggins Date: Wed, 21 Dec 2022 13:57:43 +0100 Subject: [PATCH] FIX: Replace unnecessary eval() calls with literal_eval() --- traitsui/qt4/check_list_editor.py | 3 ++- traitsui/qt4/extra/bounds_editor.py | 6 ++++-- traitsui/qt4/range_editor.py | 7 ++++--- traitsui/wx/check_list_editor.py | 3 ++- traitsui/wx/extra/bounds_editor.py | 6 ++++-- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/traitsui/qt4/check_list_editor.py b/traitsui/qt4/check_list_editor.py index 77e872289..37e198f36 100644 --- a/traitsui/qt4/check_list_editor.py +++ b/traitsui/qt4/check_list_editor.py @@ -26,6 +26,7 @@ import logging +from ast import literal_eval from pyface.qt import QtCore, QtGui, is_pyside @@ -266,7 +267,7 @@ def update_object(self, event=None): """Handles the user changing the contents of the edit control.""" try: value = str(self.control.text()) - value = eval(value) + value = literal_eval(value) except: pass try: diff --git a/traitsui/qt4/extra/bounds_editor.py b/traitsui/qt4/extra/bounds_editor.py index b2c007aa9..bcd77e37c 100644 --- a/traitsui/qt4/extra/bounds_editor.py +++ b/traitsui/qt4/extra/bounds_editor.py @@ -8,6 +8,8 @@ # # Thanks for using Enthought open source! +from ast import literal_eval + from pyface.qt import QtGui, QtCore from traits.api import Float, Any, Str, Union @@ -90,7 +92,7 @@ def init(self, parent): def update_low_on_enter(self): try: try: - low = eval(str(self._label_lo.text()).strip()) + low = literal_eval(str(self._label_lo.text()).strip()) if self.evaluate is not None: low = self.evaluate(low) except Exception as ex: @@ -112,7 +114,7 @@ def update_low_on_enter(self): def update_high_on_enter(self): try: try: - high = eval(str(self._label_hi.text()).strip()) + high = literal_eval(str(self._label_hi.text()).strip()) if self.evaluate is not None: high = self.evaluate(high) except: 
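Review bot: The `except: pass` that follows the new `literal_eval(value)` call in `update_object` is a bare except, so it also swallows `KeyboardInterrupt` and `SystemExit`. Using `except Exception:` keeps the fall-back-to-raw-text behaviour for every failure `literal_eval` is documented to raise (`ValueError`, `TypeError`, `SyntaxError`, `MemoryError`, `RecursionError`). A comment such as `# not a Python literal: keep the raw text` would record that the fallback is intended. A bare `except:` also follows the changed line in `update_high_on_enter` in qt4/extra/bounds_editor.py and in the wx copies of both files; the bodies of those handlers are outside the hunks.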
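Review bot: `literal_eval` narrows what the low/high fields accept in `update_low_on_enter`, and nothing in the code records that. Arithmetic such as `2*3`, which `eval()` accepted, now raises and lands in the `except Exception as ex:` branch, while any non-numeric literal (a quoted string, a list, a dict) still parses and is handed to `self.evaluate` or the code after it. A comment on the call, for example `# literals only; expressions are rejected on purpose`, would document this. If the bounds must be numbers, a check right after parsing makes that explicit: `if isinstance(low, bool) or not isinstance(low, (int, float)): raise ValueError(low)`. The same applies to `update_high_on_enter` and to wx/extra/bounds_editor.py; what the handlers do with the value afterwards is outside these hunks.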
diff --git a/traitsui/qt4/range_editor.py b/traitsui/qt4/range_editor.py index a3450a211..ac65dd319 100644 --- a/traitsui/qt4/range_editor.py +++ b/traitsui/qt4/range_editor.py @@ -25,6 +25,7 @@ """ +from ast import literal_eval from math import log10 from pyface.qt import QtCore, QtGui @@ -187,7 +188,7 @@ def update_object_on_enter(self): return try: - value = eval(str(self.control.text.text()).strip()) + value = literal_eval(str(self.control.text.text()).strip()) except Exception as ex: # They entered something that didn't eval as a number, (e.g., # 'foo') pretend it didn't happen @@ -460,7 +461,7 @@ def update_object_on_enter(self): if self.control is None: return try: - self.value = eval(str(self.control.text.text()).strip()) + self.value = literal_eval(str(self.control.text.text()).strip()) except TraitError as excp: pass @@ -727,7 +728,7 @@ def init(self, parent): def update_object(self): """Handles the user entering input data in the edit control.""" try: - value = eval(str(self.control.text())) + value = literal_eval(str(self.control.text())) if self.evaluate is not None: value = self.evaluate(value) diff --git a/traitsui/wx/check_list_editor.py b/traitsui/wx/check_list_editor.py index fae954216..86efdf984 100644 --- a/traitsui/wx/check_list_editor.py +++ b/traitsui/wx/check_list_editor.py @@ -14,6 +14,7 @@ import logging +from ast import literal_eval import wx @@ -240,7 +241,7 @@ def update_object(self, event): """Handles the user changing the contents of the edit control.""" try: value = self.control.GetValue() - value = eval(value) + value = literal_eval(value) except: pass try: diff --git a/traitsui/wx/extra/bounds_editor.py b/traitsui/wx/extra/bounds_editor.py index 74db8558a..a4aca8e78 100644 --- a/traitsui/wx/extra/bounds_editor.py +++ b/traitsui/wx/extra/bounds_editor.py @@ -8,6 +8,8 @@ # # Thanks for using Enthought open source! +from ast import literal_eval + import wx from traits.api import Float, Any, Str, Union 
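Review bot: The handler after the changed line in the second `update_object_on_enter` hunk (`@@ -460,7 +461,7 @@`) catches only `TraitError`, but `literal_eval` reports text that is not a literal with `ValueError` or `SyntaxError`. Input such as `2*3` was evaluated by `eval()` before and now raises out of this method instead of being ignored, so the change adds a failure path here. Widening the clause to `except (TraitError, ValueError, SyntaxError):` would match the "pretend it didn't happen" handling in the first `update_object_on_enter` hunk of this file. The rest of the method is outside the hunk.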
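Review bot: In the `update_object` hunk (`@@ -727,7 +728,7 @@`) the text is passed to `literal_eval` without `.strip()`, unlike the other two call sites in this file. `eval()` ignored leading spaces and tabs itself, but `ast.literal_eval` only strips them from Python 3.10 on; on older interpreters a value typed with a leading space raises `IndentationError`. If older interpreters are still supported, use `value = literal_eval(str(self.control.text()).strip())`. The `update_object` hunks in qt4/check_list_editor.py and wx/check_list_editor.py also parse unstripped text, where that failure would silently fall back to the raw string. The `except` clause of this `try` is outside the hunk.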
@@ -131,7 +133,7 @@ def update_low_on_enter(self, event): event.Skip() try: try: - low = eval(str(self._label_lo.GetValue()).strip()) + low = literal_eval(str(self._label_lo.GetValue()).strip()) if self.evaluate is not None: low = self.evaluate(low) except Exception as ex: @@ -155,7 +157,7 @@ def update_high_on_enter(self, event): event.Skip() try: try: - high = eval(str(self._label_hi.GetValue()).strip()) + high = literal_eval(str(self._label_hi.GetValue()).strip()) if self.evaluate is not None: high = self.evaluate(high) except: