diff options
author | Raymond Hettinger <rhettinger@users.noreply.github.com> | 2020-06-08 06:51:40 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-08 06:51:40 (GMT) |
commit | 3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53 (patch) | |
tree | 507694fcd5f3dc2538c2327c1692ad9dd22b1249 /Lib/collections | |
parent | 7633371dace67aaa21eb4b86f889441571ec4167 (diff) | |
download | cpython-3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53.zip cpython-3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53.tar.gz cpython-3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53.tar.bz2 |
Deny eval() direct access to builtins (GH-20713)
Diffstat (limited to 'Lib/collections')
-rw-r--r-- | Lib/collections/__init__.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/collections/__init__.py b/Lib/collections/__init__.py index 03393f3..1e3b54c 100644 --- a/Lib/collections/__init__.py +++ b/Lib/collections/__init__.py @@ -407,7 +407,8 @@ def namedtuple(typename, field_names, *, rename=False, defaults=None, module=Non # Create all the named tuple methods to be added to the class namespace s = f'lambda _cls, {arg_list}: _tuple_new(_cls, ({arg_list}))' - namespace = {'_tuple_new': tuple_new, '__name__': f'namedtuple_{typename}'} + namespace = {'_tuple_new': tuple_new, '__builtins__': None, + '__name__': f'namedtuple_{typename}'} __new__ = eval(s, namespace) __new__.__doc__ = f'Create new instance of {typename}({arg_list})' if defaults is not None: |