fix(review): address Copilot review feedback

yashhzd · yashhzd · commit 63726679892f · 2026-03-21T17:20:10.000+05:30
- Make SAFE_FUNCTIONS immutable with MappingProxyType
- Document InvalidExpression as the raised base exception
- Use stable assertions in security tests (result != "" and
  parameter name presence) instead of translated error substrings

Signed-off-by: Yash Goel &lt;yashhzd@gmail.com&gt;
Signed-off-by: Yash Goel &lt;yashhzd@users.noreply.github.com&gt;
diff --git a/ardupilot_methodic_configurator/safe_expression_evaluator.py b/ardupilot_methodic_configurator/safe_expression_evaluator.py
@@ -12,17 +12,20 @@
 """
 
 from math import log
+from types import MappingProxyType
 
-from simpleeval import simple_eval
+from simpleeval import InvalidExpression, simple_eval
 
-SAFE_FUNCTIONS = {
-    "max": max,
-    "min": min,
-    "round": round,
-    "abs": abs,
-    "len": len,
-    "log": log,
-}
+SAFE_FUNCTIONS = MappingProxyType(
+    {
+        "max": max,
+        "min": min,
+        "round": round,
+        "abs": abs,
+        "len": len,
+        "log": log,
+    }
+)
 
 
 def safe_evaluate(expression: str, variables: dict) -> object:
@@ -42,9 +45,8 @@ def safe_evaluate(expression: str, variables: dict) -> object:
         The result of evaluating the expression.
 
     Raises:
-        simpleeval.FeatureNotAvailable: If the expression uses a disallowed feature.
-        simpleeval.FunctionNotDefined: If the expression calls an unknown function.
-        simpleeval.NameNotDefined: If the expression references an undefined variable.
+        InvalidExpression: If the expression uses a disallowed feature,
+            calls an unknown function, or references an undefined variable.
 
     """
     return simple_eval(expression, names=variables, functions=SAFE_FUNCTIONS)
diff --git a/tests/test_backend_filesystem_configuration_steps.py b/tests/test_backend_filesystem_configuration_steps.py
@@ -475,7 +475,8 @@ def test_malicious_expression_import_blocked() -> None:
 
     result = config_steps.compute_parameters("test_file", file_info, "forced", variables)
 
-    assert "could not be computed" in result
+    assert result != ""
+    assert "PARAM1" in result
     assert "test_file" not in config_steps.forced_parameters
 
 
@@ -491,7 +492,8 @@ def test_malicious_expression_builtins_blocked() -> None:
 
     result = config_steps.compute_parameters("test_file", file_info, "forced", variables)
 
-    assert "could not be computed" in result
+    assert result != ""
+    assert "PARAM1" in result
     assert "test_file" not in config_steps.forced_parameters
 
 
