localeval: comment on security issues

Minor syntax fixes.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Nicolas Sebrecht 2014-12-23 10:12:23 +01:00
parent e613f6992d
commit 4589cfeff2

View File

@ -1,7 +1,6 @@
"""Eval python code with global namespace of a python source file."""
# Copyright (C) 2002 John Goerzen
# <jgoerzen@complete.org>
# Copyright (C) 2002-2014 John Goerzen & contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -24,18 +23,24 @@ except:
pass
class LocalEval:
"""Here is a powerfull but very dangerous option, of course.
Assume source file to be ASCII encoded."""
def __init__(self, path=None):
self.namespace={}
self.namespace = {}
if path is not None:
file=open(path, 'r')
module=imp.load_module(
# FIXME: limit opening files owned by current user with rights set
# to fixed mode 644.
file = open(path, 'r')
module = imp.load_module(
'<none>',
file,
path,
('', 'r', imp.PY_SOURCE))
for attr in dir(module):
self.namespace[attr]=getattr(module, attr)
self.namespace[attr] = getattr(module, attr)
def eval(self, text, namespace=None):
names = {}