safe_eval fix (#57188)

* just don't pass locals

 - also fix globals
 - added tests

* fixed tests
Brian Coca 2019-06-06 15:36:22 -04:00 committed by GitHub
commit b9b0b23015
10 changed files with 73 additions and 12 deletions


@ -42,10 +42,14 @@ def safe_eval(expr, locals=None, include_exceptions=False):
# define certain JSON types
# eg. JSON booleans are unknown to python eval()
JSON_TYPES = {
OUR_GLOBALS = {
'__builtins__': {}, # avoid global builtins as per eval docs
'false': False,
'null': None,
'true': True,
# also add back some builtins we do need
'True': True,
'False': False,
}
# this is the whitelist of AST nodes we are going to
@ -138,7 +142,7 @@ def safe_eval(expr, locals=None, include_exceptions=False):
# Note: passing our own globals and locals here constrains what
# callables (and other identifiers) are recognized. this is in
# addition to the filtering of builtins done in CleansingNodeVisitor
result = eval(compiled, JSON_TYPES, dict(locals))
result = eval(compiled, OUR_GLOBALS, dict(locals))
if include_exceptions:
return (result, None)