Commits

S. Joshua Swamidass  committed 1e4c6af

made eval call secure

  • Parent commits fe7f809

Files changed (1)

File confargparse.py

         def __init__(self, f):
             if type(f) == file:
                 if f.name == "<stdin>":
-                    self.s = "sys.stdin"
+                    self.s = "stdin"
                 elif f.name == "<stdout>":
-                    self.s = "sys.stdout"
+                    self.s = "stdout"
                 else:
                     self.s = "file('%s','%s')" % (f.name, f.mode)
             else:
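Review bot: the unchanged branch `self.s = "file('%s','%s')" % (f.name, f.mode)` still builds a Python expression by pasting the file name between single quotes. If this string is what the config-loading `eval` reads back, a name containing a quote or backslash will either fail to parse or evaluate to something other than the intended file. Format both fields with `%r`, or better, store name and mode as data instead of source text. Also, the bare `stdin` and `stdout` strings now only resolve inside an eval that supplies those two names, so a comment stating that dependency would help. `type(f) == file` should be `isinstance(f, file)`.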
         args = {}
         for dest, (section, name) in self.config_mapping.items():
             try:
-                val = eval(config.get(section, name))
+                val = eval(config.get(section, name),
+                        {'__builtins__':__builtins__, "stdin": sys.stdin,
+                            "stdout": sys.stdout}, {})
             except:
                 continue
             args[dest] = val
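Review bot: the globals dict on the added `eval` line passes `'__builtins__':__builtins__`, so the evaluated config value still has every builtin available, including `__import__` and `open`. For anyone who can edit the config file the call is no more restricted than before; the change only removes the `sys` name from scope, which does not match the commit message. If values are meant to be literals plus the two stream names, map `stdin` and `stdout` explicitly, parse everything else with `ast.literal_eval`, and handle the file case by parsing name and mode rather than evaluating `file(...)`. The bare `except:` followed by `continue` also drops malformed or rejected values silently; catch the specific exceptions and report the section and name.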