localeval: comment on security issues
Minor syntax fixes. Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
parent
e613f6992d
commit
4589cfeff2
@ -1,7 +1,6 @@
|
|||||||
"""Eval python code with global namespace of a python source file."""
|
"""Eval python code with global namespace of a python source file."""
|
||||||
|
|
||||||
# Copyright (C) 2002 John Goerzen
|
# Copyright (C) 2002-2014 John Goerzen & contributors
|
||||||
# <jgoerzen@complete.org>
|
|
||||||
#
|
#
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
@ -24,18 +23,24 @@ except:
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
class LocalEval:
|
class LocalEval:
|
||||||
|
"""Here is a powerfull but very dangerous option, of course.
|
||||||
|
|
||||||
|
Assume source file to be ASCII encoded."""
|
||||||
|
|
||||||
def __init__(self, path=None):
|
def __init__(self, path=None):
|
||||||
self.namespace={}
|
self.namespace = {}
|
||||||
|
|
||||||
if path is not None:
|
if path is not None:
|
||||||
file=open(path, 'r')
|
# FIXME: limit opening files owned by current user with rights set
|
||||||
module=imp.load_module(
|
# to fixed mode 644.
|
||||||
|
file = open(path, 'r')
|
||||||
|
module = imp.load_module(
|
||||||
'<none>',
|
'<none>',
|
||||||
file,
|
file,
|
||||||
path,
|
path,
|
||||||
('', 'r', imp.PY_SOURCE))
|
('', 'r', imp.PY_SOURCE))
|
||||||
for attr in dir(module):
|
for attr in dir(module):
|
||||||
self.namespace[attr]=getattr(module, attr)
|
self.namespace[attr] = getattr(module, attr)
|
||||||
|
|
||||||
def eval(self, text, namespace=None):
|
def eval(self, text, namespace=None):
|
||||||
names = {}
|
names = {}
|
||||||
|
Loading…
Reference in New Issue
Block a user