Untrusted code execution
Paul Rubin
no.email at nospam.invalid
Tue Apr 5 16:39:59 EDT 2016
Jon Ribbens <jon+usenet at unequivocal.co.uk> writes:
>> isinstance(node, ast.Attribute) and node.attr.startswith("_")):
>> raise ValueError("Access to private values is not allowed.")
>> namespace = {"__builtins__": {"int": int, "str": str, "len": len}}
> Nobody has any thoughts on this at all?
What happens with foo.get("5F5F70726976617465".decode("hex")) ?
That string decodes to "__private".
The Bastion module was removed some time ago because every attempt to do
something like this has failed...
More information about the Python-list
mailing list