From 10393b170863799bbfa785410828e468c84d4937 Mon Sep 17 00:00:00 2001 From: Guido van Rossum Date: Tue, 10 Jan 1995 10:39:49 +0000 Subject: add restrictions in restricted mode --- Objects/classobject.c | 56 ++++++++++++++++++++++++++++---------------------- Objects/funcobject.c | 6 ++++++ Objects/methodobject.c | 8 +++++++- 3 files changed, 45 insertions(+), 25 deletions(-) diff --git a/Objects/classobject.c b/Objects/classobject.c index 48c60d4..f18b4fb 100644 --- a/Objects/classobject.c +++ b/Objects/classobject.c @@ -116,21 +116,28 @@ class_getattr(op, name) { register object *v; classobject *class; - if (strcmp(name, "__dict__") == 0) { - INCREF(op->cl_dict); - return op->cl_dict; - } - if (strcmp(name, "__bases__") == 0) { - INCREF(op->cl_bases); - return op->cl_bases; - } - if (strcmp(name, "__name__") == 0) { - if (op->cl_name == NULL) - v = None; - else - v = op->cl_name; - INCREF(v); - return v; + if (name[0] == '_' && name[1] == '_') { + if (strcmp(name, "__dict__") == 0) { + if (getrestricted()) { + err_setstr(RuntimeError, + "class.__dict__ not accessible in restricted mode"); + return NULL; + } + INCREF(op->cl_dict); + return op->cl_dict; + } + if (strcmp(name, "__bases__") == 0) { + INCREF(op->cl_bases); + return op->cl_bases; + } + if (strcmp(name, "__name__") == 0) { + if (op->cl_name == NULL) + v = None; + else + v = op->cl_name; + INCREF(v); + return v; + } } v = class_lookup(op, name, &class); if (v == NULL) { @@ -365,6 +372,11 @@ instance_getattr1(inst, name) classobject *class; if (name[0] == '_' && name[1] == '_') { if (strcmp(name, "__dict__") == 0) { + if (getrestricted()) { + err_setstr(RuntimeError, + "instance.__dict__ not accessible in restricted mode"); + return NULL; + } INCREF(inst->in_dict); return inst->in_dict; } @@ -420,15 +432,6 @@ instance_getattr(inst, name) res = instance_getattr1(inst, name); if (res == NULL && (func = inst->in_class->cl_getattr) != NULL) { object *args; -#if 0 - if (name[0] == '_' && name[1] == '_') { - int n = strlen(name); - if (name[n-1] == '_' && name[n-2] == '_') { - /* Don't mess with system attributes */ - return NULL; - } - } -#endif err_clear(); args = mkvalue("(Os)", inst, name); if (args == NULL) @@ -1132,6 +1135,11 @@ instancemethod_getattr(im, name) register instancemethodobject *im; char *name; { + if (name[0] != '_' && getrestricted()) { + err_setstr(RuntimeError, + "instance-method attributes not accessible in restricted mode"); + return NULL; + } return getmember((char *)im, instancemethod_memberlist, name); } diff --git a/Objects/funcobject.c b/Objects/funcobject.c index 304fb37..e2ba2a9 100644 --- a/Objects/funcobject.c +++ b/Objects/funcobject.c @@ -127,6 +127,7 @@ static struct memberlist func_memberlist[] = { {"func_code", T_OBJECT, OFF(func_code), READONLY}, {"func_globals",T_OBJECT, OFF(func_globals), READONLY}, {"func_name", T_OBJECT, OFF(func_name), READONLY}, + {"__name__", T_OBJECT, OFF(func_name), READONLY}, {"func_argcount",T_INT, OFF(func_argcount), READONLY}, {"func_argdefs",T_OBJECT, OFF(func_argdefs), READONLY}, {"func_doc", T_OBJECT, OFF(func_doc)}, @@ -139,6 +140,11 @@ func_getattr(op, name) funcobject *op; char *name; { + if (name[0] != '_' && getrestricted()) { + err_setstr(RuntimeError, + "function attributes not accessible in restricted mode"); + return NULL; + } return getmember((char *)op, func_memberlist, name); } diff --git a/Objects/methodobject.c b/Objects/methodobject.c index c33cea5..61420aa 100644 --- a/Objects/methodobject.c +++ b/Objects/methodobject.c @@ -107,7 +107,13 @@ meth_getattr(m, name) return None; } if (strcmp(name, "__self__") == 0) { - object *self = m->m_self; + object *self; + if (getrestricted()) { + err_setstr(RuntimeError, + "method.__self__ not accessible in restricted mode"); + return NULL; + } + self = m->m_self; if (self == NULL) self = None; INCREF(self); -- cgit v0.12