fix(trip_planner): replace unsafe eval() in calculator tool with AST …

[sanjaysaini383]

Summary

Fixes a critical security issue in Crewai-agents/trip_planner/tools/calculator_tools.py where CalculatorTools.calculate passed LLM-controlled input to Python eval(), enabling arbitrary code execution (RCE).

This PR replaces eval() with a safe math evaluator that:

• Allows only digits, whitespace, and + - * / ( ) .
• Parses expressions with ast.parse(..., mode="eval")
• Evaluates a restricted AST (constants, binary ops, unary minus)
• Returns clear errors for invalid input and division by zero

Type of Change

• New agent example
• Bug fix
• Documentation update
• Refactor / cleanup
• Other

Checklist

• I have starred this repository.
• I ran ruff check ..
• I ran ruff format ..
• I added/updated README.md for changed example(s). (Not required — behavior unchanged for valid math input; security fix only.)
• I added .env.example if environment variables are required. (N/A)
• I added demo image/GIF (if applicable). (N/A)
• I added agent profile link (if applicable). (N/A)
• I updated CHANGELOG.md (required for non-doc changes).
• I verified paths/commands used in docs.

Related Issue

Closes #111

Notes for Reviewers

Security

Before	After
eval(operation) with full Python builtins	Whitelist + AST-only evaluation
Payloads like __import__('os').system('id') execute	Rejected with ValueError → user-facing error string

Files changed

• Crewai-agents/trip_planner/tools/calculator_tools.py — core fix
• CHANGELOG.md — unreleased fix entry

Behavior preserved

Valid examples from the tool docstring still work, e.g. 200*7 → 1400.0, 5000/2*10 → 25000.0.

[sanjaysaini383]

Hii @gautammanak1
Before merge this PR label this as gssoc26:approved , level : 2 and assign it to me .
Thanks