diff options
| author | Guido van Rossum <guido@python.org> | 1997-12-10 22:59:55 (GMT) |
|---|---|---|
| committer | Guido van Rossum <guido@python.org> | 1997-12-10 22:59:55 (GMT) |
| commit | d0753e20b256057a6320e95e43974f053f4123f1 (patch) | |
| tree | 16b8823424a3726cbcd52b7f68f47318599c2631 | |
| parent | 90d62ab0a175b8f3451ee74f29d5de83650e2292 (diff) | |
| download | cpython-d0753e20b256057a6320e95e43974f053f4123f1.zip cpython-d0753e20b256057a6320e95e43974f053f4123f1.tar.gz cpython-d0753e20b256057a6320e95e43974f053f4123f1.tar.bz2 | |
At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval(). This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.
| -rw-r--r-- | Lib/string.py | 9 | ||||
| -rw-r--r-- | Lib/stringold.py | 9 |
2 files changed, 12 insertions, 6 deletions
diff --git a/Lib/string.py b/Lib/string.py index 8c64952..c0f5147 100644 --- a/Lib/string.py +++ b/Lib/string.py @@ -198,6 +198,9 @@ def rfind(s, sub, i = 0, last=None): i = i+1 return r +# "Safe" environment for eval() +safe_env = {"__builtins__": {}} + # Convert string to float re = None def atof(str): @@ -219,7 +222,7 @@ def atof(str): if re and not re.match('[0-9]*(\.[0-9]*)?([eE][-+]?[0-9]+)?$', s): raise ValueError, 'non-float argument to string.atof' try: - return float(eval(sign + s, {})) + return float(eval(sign + s, safe_env)) except SyntaxError: raise ValueError, 'non-float argument to string.atof' @@ -239,7 +242,7 @@ def atoi(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atoi' - return eval(sign + s) + return eval(sign + s, safe_env) # Convert string to long integer def atol(str, base=10): @@ -257,7 +260,7 @@ def atol(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atol' - return eval(sign + s + 'L') + return eval(sign + s + 'L', safe_env) # Left-justify a string def ljust(s, width): diff --git a/Lib/stringold.py b/Lib/stringold.py index 8c64952..c0f5147 100644 --- a/Lib/stringold.py +++ b/Lib/stringold.py @@ -198,6 +198,9 @@ def rfind(s, sub, i = 0, last=None): i = i+1 return r +# "Safe" environment for eval() +safe_env = {"__builtins__": {}} + # Convert string to float re = None def atof(str): @@ -219,7 +222,7 @@ def atof(str): if re and not re.match('[0-9]*(\.[0-9]*)?([eE][-+]?[0-9]+)?$', s): raise ValueError, 'non-float argument to string.atof' try: - return float(eval(sign + s, {})) + return float(eval(sign + s, safe_env)) except SyntaxError: raise ValueError, 'non-float argument to string.atof' @@ -239,7 +242,7 @@ def atoi(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atoi' - return eval(sign + s) + return eval(sign + s, safe_env) # Convert string to long integer def atol(str, base=10): @@ -257,7 +260,7 @@ def atol(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atol' - return eval(sign + s + 'L') + return eval(sign + s + 'L', safe_env) # Left-justify a string def ljust(s, width): |