upstream/mercurial-mirror Commit - r37494:e9dea82e

wireproto: convert python literal to object without using unsafe eval()...

Yuya Nishihara -

r37494:e9dea82e default

parent child

mercurial/utils/stringutil.py

0 +5 -26

@@ -9,7 +9,7 b''
9		9
10	from __future__ import absolute_import	10	from __future__ import absolute_import
11		11
12	import __future__	12	import ast
13	import codecs	13	import codecs
14	import re as remod	14	import re as remod
15	import textwrap	15	import textwrap
@@ -499,28 +499,7 b' def parsebool(s):'
499	"""	499	"""
500	return _booleans.get(s.lower(), None)	500	return _booleans.get(s.lower(), None)
501		501
502	def evalpython(s):	502	def evalpythonliteral(s):
503	"""Evaluate a string containing a Python expression.	503	"""Evaluate a string containing a Python literal expression"""
504		504	# We could backport our tokenizer hack to rewrite '' to u'' if we want
505	THIS FUNCTION IS NOT SAFE TO USE ON UNTRUSTED INPUT. IT'S USE SHOULD BE	505	return ast.literal_eval(s)
506	LIMITED TO DEVELOPER-FACING FUNCTIONALITY.
507	"""
508	globs = {
509	r'__builtins__': {
510	r'None': None,
511	r'False': False,
512	r'True': True,
513	r'int': int,
514	r'set': set,
515	r'tuple': tuple,
516	# Don't need to expose dict and list because we can use
517	# literals.
518	},
519	}
520
521	# We can't use eval() directly because it inherits compiler
522	# flags from this module and we need unicode literals for Python 3
523	# compatibility.
524	code = compile(s, r'<string>', r'eval',
525	__future__.unicode_literals.compiler_flag, True)
526	return eval(code, globs, {})

mercurial/wireprotoframing.py

0 +3 -5

             def makeframefromhumanstring(s):
                 """Create a frame from a human readable string
-                DANGER: NOT SAFE TO USE WITH UNTRUSTED INPUT BECAUSE OF POTENTIAL
-                eval() USAGE. DO NOT USE IN CORE.
                 Strings have the form:
                     <request-id> <stream-id> <stream-flags> <type> <flags> <payload>
                 Flags can be delimited by `|` to bitwise OR them together.
                 If the payload begins with ``cbor:``, the following string will be
-                evaluated as Python code and the resulting object will be fed into
+                evaluated as Python literal and the resulting object will be fed into
                 a CBOR encoder. Otherwise, the payload is interpreted as a Python
                 byte string literal.
                 """
                         finalflags |= int(flag)
                 if payload.startswith(b'cbor:'):
-                    payload = cbor.dumps(stringutil.evalpython(payload[5:]), canonical=True)
+                    payload = cbor.dumps(stringutil.evalpythonliteral(payload[5:]),
+                                         canonical=True)
                 else:
                     payload = stringutil.unescapestr(payload)

tests/test-wireproto-serverreactor.py

0 0 -4

                                      b'\x05\x00\x00\x01\x00\x01\x00\x10:\x00\x05:\r')
                 def testcborstrings(self):
-                    # String literals should be unicode.
-                    self.assertEqual(ffs(b"1 1 0 1 0 cbor:'foo'"),
-                                     b'\x04\x00\x00\x01\x00\x01\x00\x10cfoo')
                     self.assertEqual(ffs(b"1 1 0 1 0 cbor:b'foo'"),
                                      b'\x04\x00\x00\x01\x00\x01\x00\x10Cfoo')

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages