Add some comments about how we're cleaning callables

This commit is contained in:
Toshio Kuratomi 2017-01-11 13:15:41 -08:00
parent 1d80a8dbfb
commit 80357e07de

View file

@ -105,6 +105,9 @@ def safe_eval(expr, locals={}, include_exceptions=False):
elif isinstance(node, ast.Call): elif isinstance(node, ast.Call):
inside_call = True inside_call = True
elif isinstance(node, ast.Name) and inside_call: elif isinstance(node, ast.Name) and inside_call:
# Disallow calls to builtin functions that we have not vetted
# as safe. Other functions are excluded by setting locals in
# the call to eval() later on
if hasattr(builtins, node.id) and node.id not in CALL_WHITELIST: if hasattr(builtins, node.id) and node.id not in CALL_WHITELIST:
raise Exception("invalid function: %s" % node.id) raise Exception("invalid function: %s" % node.id)
# iterate over all child nodes # iterate over all child nodes
@ -122,6 +125,9 @@ def safe_eval(expr, locals={}, include_exceptions=False):
parsed_tree = ast.parse(expr, mode='eval') parsed_tree = ast.parse(expr, mode='eval')
cnv.visit(parsed_tree) cnv.visit(parsed_tree)
compiled = compile(parsed_tree, expr, 'eval') compiled = compile(parsed_tree, expr, 'eval')
# Note: passing our own globals and locals here constrains what
# callables (and other identifiers) are recognized. this is in
# addition to the filtering of builtins done in CleansingNodeVisitor
result = eval(compiled, JSON_TYPES, dict(locals)) result = eval(compiled, JSON_TYPES, dict(locals))
if include_exceptions: if include_exceptions: