[Python-checkins] Deny eval() direct access to builtins (GH-20713)
Raymond Hettinger
webhook-mailer at python.org
Mon Jun 8 02:51:48 EDT 2020
https://github.com/python/cpython/commit/3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53
commit: 3ff51d425ecd98b7ba5a12ca9f77eda73fbf9f53
branch: master
author: Raymond Hettinger <rhettinger at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-06-07T23:51:40-07:00
summary:
Deny eval() direct access to builtins (GH-20713)
files:
M Lib/collections/__init__.py
diff --git a/Lib/collections/__init__.py b/Lib/collections/__init__.py
index 03393f35b11c5..1e3b54ccf9cc9 100644
--- a/Lib/collections/__init__.py
+++ b/Lib/collections/__init__.py
@@ -407,7 +407,8 @@ def namedtuple(typename, field_names, *, rename=False, defaults=None, module=Non
# Create all the named tuple methods to be added to the class namespace
s = f'lambda _cls, {arg_list}: _tuple_new(_cls, ({arg_list}))'
- namespace = {'_tuple_new': tuple_new, '__name__': f'namedtuple_{typename}'}
+ namespace = {'_tuple_new': tuple_new, '__builtins__': None,
+ '__name__': f'namedtuple_{typename}'}
__new__ = eval(s, namespace)
__new__.__doc__ = f'Create new instance of {typename}({arg_list})'
if defaults is not None:
More information about the Python-checkins
mailing list