From 3da664c5e13a93d6db2b25fa9789e0f2eb86a981 Mon Sep 17 00:00:00 2001
From: jonasgaudian <43753916+jonasgaudian@users.noreply.github.com>
Date: Sat, 21 Feb 2026 03:00:39 +0100
Subject: [PATCH] refactor: replace eval() with helper function for numeric
 filtering

---
 streamlit_app.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/streamlit_app.py b/streamlit_app.py
index 3c76da0..6708292 100644
--- a/streamlit_app.py
+++ b/streamlit_app.py
@@ -145,16 +145,31 @@ def apply_filters(df: pd.DataFrame, pattern: Optional[str] = None, regex_column:
             operator = numeric_filter["operator"]
             value = numeric_filter["value"]
             
+            # Helper function to apply operator comparison safely
+            def apply_operator(series, op, val):
+                if op == ">":
+                    return series > val
+                elif op == "<":
+                    return series < val
+                elif op == ">=":
+                    return series >= val
+                elif op == "<=":
+                    return series <= val
+                elif op == "=":
+                    return series == val
+                else:
+                    raise ValueError(f"Unbekannter Operator: {op}")
+            
             if column == "Alle Spalten":
                 combined_mask = pd.Series([False] * len(filtered_df), index=filtered_df.index)
                 for col in filtered_df.columns:
                     num_series = pd.to_numeric(filtered_df[col], errors='coerce')
-                    col_mask = eval(f"num_series {operator} value")
+                    col_mask = apply_operator(num_series, operator, value)
                     combined_mask = combined_mask | col_mask
                 filtered_df = filtered_df[combined_mask]
             else:
                 num_series = pd.to_numeric(filtered_df[column], errors='coerce')
-                filtered_df = filtered_df[eval(f"num_series {operator} value")]
+                filtered_df = filtered_df[apply_operator(num_series, operator, value)]
             filters_applied.append("Numerisch")
         except Exception as e:
             return None, None, f"Fehler beim Anwenden des numerischen Filters: {e}"
@@ -671,7 +686,6 @@ def main():
             # Speicherverbrauch
             memory_mb = st.session_state.df.memory_usage(deep=True).sum() / 1024 / 1024
             st.caption(f"Speicher: {memory_mb:.1f} MB")
-            st.caption("*Version 0.1* ")
             
         else:
             st.info("Lade eine Excel-Datei hoch, um Statistiken anzuzeigen.")
@@ -684,6 +698,7 @@ def main():
             3. "Filter anwenden" klicken
             4. Ergebnisse herunterladen
             """)
+        st.caption("*Version 0.1* ")
 
     st.title("Excel Filter Tool")
     st.markdown("*Temporäre Session: Es werden keine Daten und Einstellungen gespeichert!* ")