diff options
Diffstat (limited to 'pythonmod/examples')
| -rw-r--r-- | pythonmod/examples/calc.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pythonmod/examples/calc.py b/pythonmod/examples/calc.py index 3230e37e3eea6..8c15f50b9d75c 100644 --- a/pythonmod/examples/calc.py +++ b/pythonmod/examples/calc.py @@ -45,9 +45,13 @@ def operate(id, event, qstate, qdata): if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - if qstate.qinfo.qname_str.endswith("._calc_.cz."): + if qstate.qinfo.qname_str.endswith("._calc_.cz.") and not ("__" in qstate.qinfo.qname_str): try: - res = eval(''.join(qstate.qinfo.qname_list[0:-3])) + # the second and third argument to eval attempt to restrict + # functions and variables available to stop code execution + # but it may not be safe either. This is why __ substrings + # are excluded from evaluation. + res = eval(''.join(qstate.qinfo.qname_list[0:-3]),{"__builtins__":None},{}) except: res = "exception" |