From c9b1bf302ce67031e0309a9b0ea55ecdd68ed682 Mon Sep 17 00:00:00 2001 From: Irit Katriel <1055913+iritkatriel@users.noreply.github.com> Date: Sun, 16 Feb 2025 13:32:39 +0000 Subject: gh-130139: always check ast node type in ast.parse() with ast input (#130140) --- Doc/whatsnew/3.14.rst | 4 +++ Include/internal/pycore_ast.h | 1 + Lib/test/test_ast/test_ast.py | 6 ++++ Lib/test/test_unparse.py | 4 +-- .../2025-02-15-01-37-47.gh-issue-130139.gntc7B.rst | 2 ++ Parser/asdl_c.py | 35 +++++++++++++++------- Python/Python-ast.c | 34 ++++++++++++++------- Python/bltinmodule.c | 3 ++ 8 files changed, 65 insertions(+), 24 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2025-02-15-01-37-47.gh-issue-130139.gntc7B.rst diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst index c42a5a0..ac0ae8c 100644 --- a/Doc/whatsnew/3.14.rst +++ b/Doc/whatsnew/3.14.rst @@ -346,6 +346,10 @@ ast * The ``repr()`` output for AST nodes now includes more information. (Contributed by Tomas R in :gh:`116022`.) +* :func:`ast.parse`, when called with an AST as input, now always verifies + that the root node type is appropriate. + (Contributed by Irit Katriel in :gh:`130139`.) + calendar -------- diff --git a/Include/internal/pycore_ast.h b/Include/internal/pycore_ast.h index f5bf120..69abc35 100644 --- a/Include/internal/pycore_ast.h +++ b/Include/internal/pycore_ast.h @@ -907,6 +907,7 @@ type_param_ty _PyAST_TypeVarTuple(identifier name, expr_ty default_value, int PyObject* PyAST_mod2obj(mod_ty t); +int PyAst_CheckMode(PyObject *ast, int mode); mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode); int PyAST_Check(PyObject* obj); diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py index 434f291..42dbb6e 100644 --- a/Lib/test/test_ast/test_ast.py +++ b/Lib/test/test_ast/test_ast.py @@ -131,6 +131,12 @@ class AST_Tests(unittest.TestCase): tree = ast.parse(snippet) compile(tree, '', 'exec') + def test_parse_invalid_ast(self): + # see gh-130139 + for optval in (-1, 0, 1, 2): + self.assertRaises(TypeError, ast.parse, ast.Constant(42), + optimize=optval) + def test_optimization_levels__debug__(self): cases = [(-1, '__debug__'), (0, '__debug__'), (1, False), (2, False)] for (optval, expected) in cases: diff --git a/Lib/test/test_unparse.py b/Lib/test/test_unparse.py index f6c4f1f..f45a651 100644 --- a/Lib/test/test_unparse.py +++ b/Lib/test/test_unparse.py @@ -422,9 +422,9 @@ class UnparseTestCase(ASTTestCase): self.check_ast_roundtrip(f"'''{docstring}'''") def test_constant_tuples(self): - self.check_src_roundtrip(ast.Constant(value=(1,), kind=None), "(1,)") + self.check_src_roundtrip(ast.Module([ast.Constant(value=(1,))]), "(1,)") self.check_src_roundtrip( - ast.Constant(value=(1, 2, 3), kind=None), "(1, 2, 3)" + ast.Module([ast.Constant(value=(1, 2, 3))]), "(1, 2, 3)" ) def test_function_type(self): diff --git a/Misc/NEWS.d/next/Library/2025-02-15-01-37-47.gh-issue-130139.gntc7B.rst b/Misc/NEWS.d/next/Library/2025-02-15-01-37-47.gh-issue-130139.gntc7B.rst new file mode 100644 index 0000000..5cb3bf1 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-02-15-01-37-47.gh-issue-130139.gntc7B.rst @@ -0,0 +1,2 @@ +Fix bug where :func:`ast.parse` did not error on AST input which is not of the +correct type, when called with optimize=False. diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py index 7b2df73..b2a5dd6 100755 --- a/Parser/asdl_c.py +++ b/Parser/asdl_c.py @@ -2166,18 +2166,13 @@ PyObject* PyAST_mod2obj(mod_ty t) } /* mode is 0 for "exec", 1 for "eval" and 2 for "single" input */ -mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) +int PyAst_CheckMode(PyObject *ast, int mode) { const char * const req_name[] = {"Module", "Expression", "Interactive"}; - int isinstance; - - if (PySys_Audit("compile", "OO", ast, Py_None) < 0) { - return NULL; - } struct ast_state *state = get_ast_state(); if (state == NULL) { - return NULL; + return -1; } PyObject *req_type[3]; @@ -2186,13 +2181,30 @@ mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) req_type[2] = state->Interactive_type; assert(0 <= mode && mode <= 2); - - isinstance = PyObject_IsInstance(ast, req_type[mode]); - if (isinstance == -1) - return NULL; + int isinstance = PyObject_IsInstance(ast, req_type[mode]); + if (isinstance == -1) { + return -1; + } if (!isinstance) { PyErr_Format(PyExc_TypeError, "expected %s node, got %.400s", req_name[mode], _PyType_Name(Py_TYPE(ast))); + return -1; + } + return 0; +} + +mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) +{ + if (PySys_Audit("compile", "OO", ast, Py_None) < 0) { + return NULL; + } + + struct ast_state *state = get_ast_state(); + if (state == NULL) { + return NULL; + } + + if (PyAst_CheckMode(ast, mode) < 0) { return NULL; } @@ -2356,6 +2368,7 @@ def write_header(mod, metadata, f): f.write(textwrap.dedent(""" PyObject* PyAST_mod2obj(mod_ty t); + int PyAst_CheckMode(PyObject *ast, int mode); mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode); int PyAST_Check(PyObject* obj); diff --git a/Python/Python-ast.c b/Python/Python-ast.c index 7038e3c..4adf72a 100644 --- a/Python/Python-ast.c +++ b/Python/Python-ast.c @@ -18161,18 +18161,13 @@ PyObject* PyAST_mod2obj(mod_ty t) } /* mode is 0 for "exec", 1 for "eval" and 2 for "single" input */ -mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) +int PyAst_CheckMode(PyObject *ast, int mode) { const char * const req_name[] = {"Module", "Expression", "Interactive"}; - int isinstance; - - if (PySys_Audit("compile", "OO", ast, Py_None) < 0) { - return NULL; - } struct ast_state *state = get_ast_state(); if (state == NULL) { - return NULL; + return -1; } PyObject *req_type[3]; @@ -18181,13 +18176,30 @@ mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) req_type[2] = state->Interactive_type; assert(0 <= mode && mode <= 2); - - isinstance = PyObject_IsInstance(ast, req_type[mode]); - if (isinstance == -1) - return NULL; + int isinstance = PyObject_IsInstance(ast, req_type[mode]); + if (isinstance == -1) { + return -1; + } if (!isinstance) { PyErr_Format(PyExc_TypeError, "expected %s node, got %.400s", req_name[mode], _PyType_Name(Py_TYPE(ast))); + return -1; + } + return 0; +} + +mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) +{ + if (PySys_Audit("compile", "OO", ast, Py_None) < 0) { + return NULL; + } + + struct ast_state *state = get_ast_state(); + if (state == NULL) { + return NULL; + } + + if (PyAst_CheckMode(ast, mode) < 0) { return NULL; } diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c index 46a6fd9..a7243ba 100644 --- a/Python/bltinmodule.c +++ b/Python/bltinmodule.c @@ -835,6 +835,9 @@ builtin_compile_impl(PyObject *module, PyObject *source, PyObject *filename, goto error; if (is_ast) { if ((flags & PyCF_OPTIMIZED_AST) == PyCF_ONLY_AST) { + if (PyAst_CheckMode(source, compile_mode) < 0) { + goto error; + } // return an un-optimized AST result = Py_NewRef(source); } -- cgit v0.12