diff options
author | Guido van Rossum <guido@python.org> | 1997-12-10 22:59:55 (GMT) |
---|---|---|
committer | Guido van Rossum <guido@python.org> | 1997-12-10 22:59:55 (GMT) |
commit | d0753e20b256057a6320e95e43974f053f4123f1 (patch) | |
tree | 16b8823424a3726cbcd52b7f68f47318599c2631 /Lib/string.py | |
parent | 90d62ab0a175b8f3451ee74f29d5de83650e2292 (diff) | |
download | cpython-d0753e20b256057a6320e95e43974f053f4123f1.zip cpython-d0753e20b256057a6320e95e43974f053f4123f1.tar.gz cpython-d0753e20b256057a6320e95e43974f053f4123f1.tar.bz2 |
At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval(). This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.
Diffstat (limited to 'Lib/string.py')
-rw-r--r-- | Lib/string.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/Lib/string.py b/Lib/string.py index 8c64952..c0f5147 100644 --- a/Lib/string.py +++ b/Lib/string.py @@ -198,6 +198,9 @@ def rfind(s, sub, i = 0, last=None): i = i+1 return r +# "Safe" environment for eval() +safe_env = {"__builtins__": {}} + # Convert string to float re = None def atof(str): @@ -219,7 +222,7 @@ def atof(str): if re and not re.match('[0-9]*(\.[0-9]*)?([eE][-+]?[0-9]+)?$', s): raise ValueError, 'non-float argument to string.atof' try: - return float(eval(sign + s, {})) + return float(eval(sign + s, safe_env)) except SyntaxError: raise ValueError, 'non-float argument to string.atof' @@ -239,7 +242,7 @@ def atoi(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atoi' - return eval(sign + s) + return eval(sign + s, safe_env) # Convert string to long integer def atol(str, base=10): @@ -257,7 +260,7 @@ def atol(str, base=10): for c in s: if c not in digits: raise ValueError, 'non-integer argument to string.atol' - return eval(sign + s + 'L') + return eval(sign + s + 'L', safe_env) # Left-justify a string def ljust(s, width): |