From b035dcb6b727d67e684517a5d526d0b7a771fa89 Mon Sep 17 00:00:00 2001
From: Faraphel
Date: Fri, 19 Aug 2022 19:13:51 +0200
Subject: [PATCH] added a todo

---
 source/safe_eval/safe_eval.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source/safe_eval/safe_eval.py b/source/safe_eval/safe_eval.py
index 1b2fe80..ecb3f9c 100644
--- a/source/safe_eval/safe_eval.py
+++ b/source/safe_eval/safe_eval.py
@@ -86,6 +86,18 @@ def safe_eval(template: "TemplateSafeEval", env: "Env" = None, macros: dict[str,
 elif node.id in args:
 raise SafeEvalException(_("CANNOT_SET_ARGUMENT", ' : "', node.id, '"'))

+ # when calling any function
+ case ast.Call:
+ # ban the function and method from the environment
+ for callnode in ast.walk(node.func):
+ if isinstance(callnode, ast.Attribute):
+ for attrnode in ast.walk(callnode.value):
+ if isinstance(attrnode, ast.Name):
+ if attrnode.id in globals_ | locals_ or attrnode.id in args:
+ raise SafeEvalException(
+ _("CALLING_FUNCTION_NOT_ALLOWED", ' : "', callnode.attr, '"')
+ )
+
 # when assigning a value with ":="
 case ast.NamedExpr:
 # embed the value into a deepcopy, to avoid interaction with class attribute
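Review bot: The new `case ast.Call:` branch rejects a call only when `node.func` contains an `ast.Attribute` whose receiver expression holds a name from `globals_`, `locals_` or `args`, so it works as a name-based denylist: a call whose `func` is a plain `ast.Name`, or a method call on a receiver with no environment name in it, passes this branch, and whether another branch rejects those forms is not visible in the hunk. For a sandboxed evaluator an allowlist is the safer shape, rejecting every `ast.Call` unless its target is one of the explicitly permitted callables, and a comment such as `# only method calls on environment names are rejected here; other call forms are handled in <other branch>` would document the intended coverage. The membership test `attrnode.id in globals_ | locals_` also builds a merged collection for every name visited; `attrnode.id in globals_ or attrnode.id in locals_ or attrnode.id in args` performs the same check without it. The body of `safe_eval` starts and ends outside the hunk.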