Projet

Général

Profil

0001-utils-evaluate-allow-some-calls-in-expressions-58055.patch

Benjamin Dauvergne, 29 novembre 2021 14:35

Télécharger (2,79 ko)

Voir les différences: 

Subject: [PATCH 1/3] utils/evaluate: allow some calls in expressions (#58055)


 src/authentic2/utils/evaluate.py | 16 +++++++++++++++-
 tests/test_utils_evaluate.py     |  4 ++++
 2 files changed, 19 insertions(+), 1 deletion(-)
src/authentic2/utils/evaluate.py
146 146 
    - if expressions (x if y else z),
147 147 
    - compare expressions with all operators.
148 148 
    - subscript of direct variable reference.
149 
    - calls to simple names with simple literal or variable values
149 150 

  		




  150
  151
  
    
    Are implicitely forbidden:

  		




  151
  152
  
    
    - binary expressions (so no "'aaa' * 99999999999" or 233333333333333233**2232323233232323 bombs),

  		




  ......




  154
  155
  
    
    - comprehensions (list, dict and set),

  		




  155
  156
  
    
    - generators,

  		




  156
  157
  
    
    - yield,

  		




  157
  
  
    
    - call,

  		




  
  158
  
    
    - others calls,

  		




  158
  159
  
    
    - Repr node (i dunno what it is),

  		




  159
  160
  
    
    - attribute access,

  		




  160
  161
  
    
    """

  		




  ......




  172
  173
  
    
        ast.boolop,

  		




  173
  174
  
    
        ast.cmpop,

  		




  174
  175
  
    
        ast.Compare,

  		




  
  176
  
    
        ast.Call,

  		




  175
  177
  
    
    ]

  		




  176
  178
  
    

  		




  177
  179
  
    
    def __init__(self, authorized_nodes=None, forbidden_nodes=None):

  		




  ......




  182
  184
  
    
        if node.id.startswith('_'):

  		




  183
  185
  
    
            raise ExpressionError(_('name must not start with a _'), code='invalid-variable', node=node)

  		




  184
  186
  
    

  		




  
  187
  
    
    def check_Call(self, node):

  		




  
  188
  
    
        if isinstance(node.func, ast.Name) and all(self.validate_call_arg(arg) for arg in node.args):

  		




  
  189
  
    
            return

  		




  
  190
  
    
        raise ExpressionError(_('call is invalid'), code='invalid-call', node=node)

  		




  
  191
  
    

  		




  
  192
  
    
    def validate_call_arg(self, node):

  		




  
  193
  
    
        # check node is constant or string

  		




  
  194
  
    
        return self.is_constant(node) or isinstance(node, ast.Name)

  		




  
  195
  
    

  		




  
  196
  
    
    def is_constant(self, node):

  		




  
  197
  
    
        return isinstance(node, CONSTANT_CLASSES)

  		




  
  198
  
    

  		




  185
  199
  
    
    def check_Subscript(self, node):

  		




  186
  200
  
    
        # check subscript are constant number or strings

  		




  187
  201
  
    
        ok = True

  		












  

    
      tests/test_utils_evaluate.py
    
  





  72
  72
  
    
    with pytest.raises(ExpressionError, match='MUST be a constant'):

  		




  73
  73
  
    
        v('headers[headers]')

  		




  74
  74
  
    

  		




  
  75
  
    
    assert v('func(a, b, 1, \'x\')')

  		




  
  76
  
    
    with pytest.raises(ExpressionError):

  		




  
  77
  
    
        assert v('func(a[0], b(c), 1, \'x\')')

  		




  
  78
  
    

  		




  75
  79
  
    

  		




  76
  80
  
    
def test_evaluate_condition(rf):

  		




  77
  81
  
    
    assert evaluate_condition('False') is False

  		




  78
  
  
    
-