localeval: comment on security issues

Minor syntax fixes.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Nicolas Sebrecht 2014-12-23 10:12:23 +01:00
parent e613f6992d
commit 4589cfeff2


@ -1,7 +1,6 @@
"""Eval python code with global namespace of a python source file.""" """Eval python code with global namespace of a python source file."""
# Copyright (C) 2002 John Goerzen # Copyright (C) 2002-2014 John Goerzen & contributors
# <jgoerzen@complete.org>
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -24,18 +23,24 @@ except:
pass pass
class LocalEval: class LocalEval:
"""Here is a powerfull but very dangerous option, of course.
Assume source file to be ASCII encoded."""
def __init__(self, path=None): def __init__(self, path=None):
self.namespace={} self.namespace = {}
if path is not None: if path is not None:
file=open(path, 'r') # FIXME: limit opening files owned by current user with rights set
module=imp.load_module( # to fixed mode 644.
file = open(path, 'r')
module = imp.load_module(
'<none>', '<none>',
file, file,
path, path,
('', 'r', imp.PY_SOURCE)) ('', 'r', imp.PY_SOURCE))
for attr in dir(module): for attr in dir(module):
self.namespace[attr]=getattr(module, attr) self.namespace[attr] = getattr(module, attr)
def eval(self, text, namespace=None): def eval(self, text, namespace=None):
names = {} names = {}
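Review bot: The new FIXME in `__init__` records that the file should be vetted before it is executed, but `open(path, 'r')` still hands whatever is at `path` straight to `imp.load_module`, so a file another user can write runs with this user's privileges. The check can be made on the opened descriptor with `os.fstat(file.fileno())` rather than on the path, so the file cannot be replaced between the check and the load; rejecting a foreign owner or any group/world write bit covers the stated 644 intent, and the directory holding the file presumably needs the same care. The handle is also never closed, which a `try`/`finally` fixes in the same place. The sketch below assumes `os` is imported (the import block is outside the hunk) and a POSIX host, and the exception type is only a suggestion; `eval`'s body continues past the hunk.

```python
        if path is not None:
            file = open(path, 'r')
            try:
                # Inspect the opened descriptor, not the path, so the file
                # cannot be swapped between the check and the load.
                st = os.fstat(file.fileno())
                if st.st_uid != os.getuid() or st.st_mode & 0o022:
                    raise ValueError(
                        "refusing to load %s: file must be owned by the "
                        "current user and not group/world-writable" % path)
                module = imp.load_module(
                    '<none>',
                    file,
                    path,
                    ('', 'r', imp.PY_SOURCE))
            finally:
                file.close()
            # … unchanged: copy the module attributes into self.namespace …
```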