[util:filter] re-enable builtins
Trying to restrict access to Python's builtin functions (exec, print, __import__, ...) can easily be circumvented and is therefore completely pointless. This also adds 'safe_int()' and the 'datetime' module to the global namespace used when evaluating filter expressions.
@@ -17,6 +17,7 @@ import random
|
|||||||
import string
|
import string
|
||||||
import _string
|
import _string
|
||||||
import hashlib
|
import hashlib
|
||||||
|
import datetime
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
from . import text, exception
|
from . import text, exception
|
||||||
|
|
||||||
@@ -195,7 +196,7 @@ class UniquePredicate():
|
|||||||
|
|
||||||
class FilterPredicate():
|
class FilterPredicate():
|
||||||
"""Predicate; True if evaluating the given expression returns True"""
|
"""Predicate; True if evaluating the given expression returns True"""
|
||||||
globalsdict = {"__builtins__": {}}
|
globalsdict = {"safe_int": safe_int, "datetime": datetime.datetime}
|
||||||
|
|
||||||
def __init__(self, codeobj):
|
def __init__(self, codeobj):
|
||||||
self.codeobj = codeobj
|
self.codeobj = codeobj
|
||||||
|
|||||||
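Review bot: Nothing next to the new `globalsdict` in `FilterPredicate` says that filter expressions are now unrestricted Python. With the `"__builtins__": {}` entry gone, `eval`/`exec` will supply the full builtins when the code object is run with this dict as globals (the evaluation call is outside the hunk, so this is inferred). A comment above the attribute would make the trust boundary explicit, e.g. `# NOTE: filter expressions run with full builtins; treat them as trusted code, never as a sandbox`. Separately, the description says the `datetime` module is added, but the dict binds the name to the class `datetime.datetime`, so `datetime.timedelta` or `datetime.date` would not resolve inside an expression; either bind the module (`"datetime": datetime`) or reword the description. `safe_int` is not defined in the visible lines and must exist at module level before this class body executes.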