
Anonymous committed b19cd43

At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval(). This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.

  • Parent commits 8ef481c
  • Branches legacy-trunk



 		i = i+1
 	return r
 
+# "Safe" environment for eval()
+safe_env = {"__builtins__": {}}
+
 # Convert string to float
 re = None
 def atof(str):
 	if re and not re.match('[0-9]*(\.[0-9]*)?([eE][-+]?[0-9]+)?$', s):
 		raise ValueError, 'non-float argument to string.atof'
 	try:
-		return float(eval(sign + s, {}))
+		return float(eval(sign + s, safe_env))
 	except SyntaxError:
 		raise ValueError, 'non-float argument to string.atof'
 
 	for c in s:
 		if c not in digits:
 			raise ValueError, 'non-integer argument to string.atoi'
-	return eval(sign + s)
+	return eval(sign + s, safe_env)
 
 # Convert string to long integer
 def atol(str, base=10):
 	for c in s:
 		if c not in digits:
 			raise ValueError, 'non-integer argument to string.atol'
-	return eval(sign + s + 'L')
+	return eval(sign + s + 'L', safe_env)
 
 # Left-justify a string
 def ljust(s, width):
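Review bot: With `__builtins__` emptied, an identifier that reaches `eval` now fails with NameError rather than SyntaxError, and the `except SyntaxError:` just below the changed `return float(eval(sign + s, safe_env))` in atof does not catch it; since `re = None` precedes atof and the guard reads `if re and not re.match(...)`, the syntax check looks like it is skipped whenever `re` is unavailable, so an unvalidated string would then surface as NameError instead of the ValueError the message promises (atof's opening lines are outside the hunk, so this is inferred). I'd widen the handler to `except (SyntaxError, NameError):` or, better, refuse to evaluate at all when the check could not run; atoi and atol are less exposed because they verify every character against `digits` first. The empty `__builtins__` is a mitigation, not a sandbox — the description itself notes `[1]*1000000` is still possible — so a comment above the new global such as `# Restricts name lookup inside eval(); callers must still validate s before evaluating it` would stop the next reader from treating `safe_env` as sufficient. Because `safe_env` is a shared mutable module-level dict, rebinding `safe_env['__builtins__']` anywhere silently removes the restriction; building the mapping per call would be more robust. The second file section carries identical hunks and needs the same changes.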
 		i = i+1
 	return r
 
+# "Safe" environment for eval()
+safe_env = {"__builtins__": {}}
+
 # Convert string to float
 re = None
 def atof(str):
 	if re and not re.match('[0-9]*(\.[0-9]*)?([eE][-+]?[0-9]+)?$', s):
 		raise ValueError, 'non-float argument to string.atof'
 	try:
-		return float(eval(sign + s, {}))
+		return float(eval(sign + s, safe_env))
 	except SyntaxError:
 		raise ValueError, 'non-float argument to string.atof'
 
 	for c in s:
 		if c not in digits:
 			raise ValueError, 'non-integer argument to string.atoi'
-	return eval(sign + s)
+	return eval(sign + s, safe_env)
 
 # Convert string to long integer
 def atol(str, base=10):
 	for c in s:
 		if c not in digits:
 			raise ValueError, 'non-integer argument to string.atol'
-	return eval(sign + s + 'L')
+	return eval(sign + s + 'L', safe_env)
 
 # Left-justify a string
 def ljust(s, width):