remove eval from setup.py

rmorshea · rmorshea · commit 1bf73b707f51 · 2021-09-05T17:51:55.000-07:00
diff --git a/setup.py b/setup.py
@@ -72,8 +72,18 @@ def list2cmdline(cmd_list):
 
 pkg_root_init_file = package_dir / "__init__.py"
 for line in pkg_root_init_file.read_text().split("\n"):
-    if line.startswith("__version__ = "):
-        package["version"] = eval(line.split("=", 1)[1])
+    if line.startswith('__version__ = "') and line.endswith('"  # DO NOT MODIFY'):
+        package["version"] = (
+            line
+            # get assignment value
+            .split("=", 1)[1]
+            # remove "DO NOT MODIFY" comment
+            .split("#", 1)[0]
+            # clean up leading/trailing space
+            .strip()
+            # remove the quotes
+            [1:-1]
+        )
         break
 else:
     print(f"No version found in {pkg_root_init_file}")
