From cf8d70b86f0d5ee9e72a1e69ad76cf5831f977fa Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 8 Feb 2024 21:32:44 +0100
Subject: [PATCH] Don't allow __ or builtins in env dictionarys for
ImageMath.eval
|
---
PIL/ImageMath.py | 5 +++++
Tests/test_imagemath.py | 6 ++++++
2 files changed, 11 insertions(+)
|
diff --git a/PIL/ImageMath.py b/PIL/ImageMath.py
index 5312207..13550a9 100644
--- a/PIL/ImageMath.py
+++ b/PIL/ImageMath.py
@@ -213,6 +213,11 @@ def eval(expression, _dict={}, **kw):
|
# build execution namespace
args = ops.copy()
+ for k in list(_dict.keys()) + list(kw.keys()):
+ if "__" in k or hasattr(builtins, k):
+ msg = "'{0}' not allowed".format(k)
+ raise ValueError(msg)
+
args.update(_dict)
args.update(kw)
for k, v in list(args.items()):
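Review bot: The new guard rejects any caller-supplied name that shadows a builtin, which also covers previously harmless keys such as `float` or `min`, but the docstring of `eval` is not updated to say so; add a line along the lines of `Raises ValueError if any key in _dict or kw contains "__" or names an attribute of the builtins module.` The check applies `"__" in k` and `hasattr(builtins, k)` to every key before the namespace is assembled, so a non-string key would surface as a TypeError rather than the intended ValueError — presumably keys are always str here, but that is worth confirming or coercing with `str(k)` at the top of the loop. The branch also depends on a module-level `builtins` import that is not visible in this hunk. The enclosing `eval` function starts before the hunk and the lines that actually evaluate the expression are outside it.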
diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
index da9d1d7..aaf32cf 100644
--- a/Tests/test_imagemath.py
+++ b/Tests/test_imagemath.py
@@ -45,6 +45,12 @@ def test_ops():
assert_equal(pixel(ImageMath.eval("float(B)**2", images)), "F 4.0")
assert_equal(pixel(ImageMath.eval("float(B)**33", images)), "F 8589934592.0")
|
+def test_prevent_double_underscores():
+ assert_exception(ValueError, lambda: ImageMath.eval("1", {"__": None}))
+
+def test_prevent_builtins():
+ assert_exception(ValueError, lambda: ImageMath.eval("(lambda: isinstance('a', str))()", {"isinstance": None}))
+
def test_logical():
assert_exception(ValueError, ImageMath.eval("exit()"))
assert_exception(ValueError, ImageMath.eval("(lambda:(exit()))()"))
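Review bot: Both new tests exercise only the `_dict` argument, while the guard in ImageMath.eval also iterates over `kw`, so the keyword path has no coverage; a case such as `assert_exception(ValueError, lambda: ImageMath.eval("1", **{"__": None}))` would cover it. A positive case confirming that an ordinary, non-builtin name is still accepted (for example the image keys already used by `test_ops`) would protect against the rejection rule being widened by accident. The new tests correctly pass a lambda so that `assert_exception` can invoke the call itself, whereas the pre-existing `test_logical` lines below evaluate eagerly; that inconsistency predates this change and is only noted for a follow-up.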
--
2.43.0