Open
PSA to users: Don't load untrusted input with Sorcar activated.
Sorcar uses the Python eval function a lot, and in unsafe ways. Pretty much everything involving arrays uses it, because "arrays" in Sorcar are represented as strings that are eval'd when they need to be used, though that's not the usage of eval.
Example: in socket_base.py:
```python
# Node-tree name and node name are concatenated straight into Python source and eval'd
return self.set(eval("bpy.data.node_groups['" + self.id_data.name + "'].nodes['" + self.node.name + "']." + self.default_prop))
```
This is easily exploitable by altering the node or node tree name.
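The following is an added example, not code from the Sorcar project or from the issue author. It reproduces the string-building `eval` pattern quoted above against a constructed stand-in for `bpy.data` (plain dicts and `SimpleNamespace` objects instead of Blender collections, since `bpy` is only available inside Blender), shows how a crafted node-tree name escapes the quoted key and runs attacker-chosen code while still returning the expected value, and puts the two hardened forms beside it: direct key/attribute lookup for the property access, and `ast.literal_eval` for the "array as string" case. `SIDE_EFFECTS`, `make_fake_bpy`, `MALICIOUS_TREE_NAME` and the function names are assumptions made for the demo; a real payload would call something like `os.system` instead of appending to a list.

```python
import ast
from types import SimpleNamespace

# Constructed record of what the injected code did; a real attacker payload
# would spawn a process, write files, etc. instead of appending here.
SIDE_EFFECTS = []


def make_fake_bpy():
    """Constructed stand-in for bpy.data: name-keyed dicts instead of bpy collections."""
    node = SimpleNamespace(name="Sc_Node", default_prop=3.0)
    tree = SimpleNamespace(name="NodeTree", nodes={node.name: node})
    return SimpleNamespace(data=SimpleNamespace(node_groups={tree.name: tree}))


def vulnerable_lookup(bpy, tree_name, node_name, prop):
    """Same string-building eval pattern as the socket_base.py line quoted in the issue.

    tree_name / node_name come from user-controlled .blend data, so they are
    attacker-controlled Python source once concatenated."""
    return eval("bpy.data.node_groups['" + tree_name + "'].nodes['" + node_name + "']." + prop)


def safe_lookup(bpy, tree_name, node_name, prop):
    """Hardened form (assumed fix, not Sorcar's): plain key and attribute lookups.

    Names are only used as dictionary keys, so quotes or brackets inside them
    cannot change what code runs; an unknown name just raises KeyError."""
    node = bpy.data.node_groups[tree_name].nodes[node_name]
    return getattr(node, prop)


# A node-tree name that closes the quoted key, appends an arbitrary expression
# and comments out the rest of the generated source with '#'. The conditional
# still yields the real property value, so the user sees nothing unusual.
MALICIOUS_TREE_NAME = (
    "NodeTree'].nodes['Sc_Node'].default_prop "
    "if SIDE_EFFECTS.append('code ran') is None else None #"
)


def vulnerable_array(text):
    """The 'arrays are strings that get eval'd' pattern described in the issue."""
    return eval(text)


def safe_array(text):
    """literal_eval only accepts Python literals (lists, tuples, numbers, strings,
    dicts, booleans, None) and raises ValueError on calls, names or attribute access."""
    return ast.literal_eval(text)


def demo():
    """Run the honest and injected inputs through both variants and collect results."""
    bpy = make_fake_bpy()
    results = {}
    results["honest"] = vulnerable_lookup(bpy, "NodeTree", "Sc_Node", "default_prop")
    results["injected"] = vulnerable_lookup(bpy, MALICIOUS_TREE_NAME, "Sc_Node", "default_prop")
    results["side_effects"] = list(SIDE_EFFECTS)  # 'code ran' was appended by the eval

    results["safe_honest"] = safe_lookup(bpy, "NodeTree", "Sc_Node", "default_prop")
    try:
        safe_lookup(bpy, MALICIOUS_TREE_NAME, "Sc_Node", "default_prop")
        results["safe_injected"] = "looked up"
    except KeyError:
        results["safe_injected"] = "KeyError"

    # Constructed "array" string carrying a call, as a node property might
    array_payload = "[1, 2, SIDE_EFFECTS.append('array payload ran')]"
    vulnerable_array(array_payload)  # the call inside the list runs
    try:
        safe_array(array_payload)
        results["safe_array"] = "parsed"
    except ValueError:
        results["safe_array"] = "ValueError"
    results["safe_array_ok"] = safe_array("[1, 2, 3]")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The important detail is that the injected name does not break the lookup: `vulnerable_lookup` returns the correct `3.0` for both the honest and the malicious tree name, which is why a user opening a shared `.blend` would notice nothing. The dictionary-based `safe_lookup` raises `KeyError` on the same name, and `ast.literal_eval` rejects the array string that contains a call.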