diff options
author | James Cammarata <jimi@sngx.net> | 2014-06-25 20:18:03 -0500 |
---|---|---|
committer | James Cammarata <jimi@sngx.net> | 2014-06-25 21:07:41 -0500 |
commit | 8ed484c54444502322bb3b04e27a6cb2a5038a60 (patch) | |
tree | dca70c610cb3ba65aee2b8f781800413b60c7f71 | |
parent | cc4129f6a11d1de89a2eb83991c05adc3e4a8723 (diff) | |
download | ansible-8ed484c54444502322bb3b04e27a6cb2a5038a60.tar.gz |
Additional fixes for safe_eval
-rw-r--r-- | lib/ansible/utils/__init__.py | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py index 793cbf7a23..410111601f 100644 --- a/lib/ansible/utils/__init__.py +++ b/lib/ansible/utils/__init__.py @@ -1040,22 +1040,23 @@ def safe_eval(expr, locals={}, include_exceptions=False): # visitor class defined below. SAFE_NODES = set( ( - ast.Expression, + ast.Add, + ast.Attribute, + ast.BinOp, + ast.Call, ast.Compare, - ast.Str, - ast.List, - ast.Tuple, ast.Dict, - ast.Call, + ast.Div, + ast.Expression, + ast.List, ast.Load, - ast.BinOp, - ast.UnaryOp, + ast.Mult, ast.Num, ast.Name, - ast.Add, + ast.Str, ast.Sub, - ast.Mult, - ast.Div, + ast.Tuple, + ast.UnaryOp, ) ) @@ -1089,10 +1090,12 @@ def safe_eval(expr, locals={}, include_exceptions=False): def generic_visit(self, node): if type(node) not in SAFE_NODES: raise Exception("invalid expression (%s)" % expr) - super(CleansingNodeVisitor, self).generic_visit(node) - def visit_Call(self, call): - if call.func.id not in CALL_WHITELIST: - raise Exception("invalid function: %s" % call.func.id) + elif isinstance(node, ast.Call): + if not isinstance(node.func, ast.Attribute) and node.func.id not in CALL_WHITELIST: + raise Exception("invalid function: %s" % node.func.id) + # iterate over all child nodes + for child_node in ast.iter_child_nodes(node): + super(CleansingNodeVisitor, self).visit(child_node) if not isinstance(expr, basestring): # already templated to a datastructure, perhaps? |