)h:XUdZddlZddlZddlZddlmZddlmZ ddl m Z n#e $r ddlm Z YnwxYwddl m Z ddlmZddlmZdd lmZd d lmZd d lmZd d lmZd dlmZejdejdejfZdZeZ ej!e"e#d<eZ$ej!e"e#d<ddhZ%ddhZ&ddhZ'ej(e)gdfej*e)gdfej+e)gdfe e)gdffZ,ej-ej-ej.ej/e"fdfe#d<d e0d!e1fd"Z2d#ed!efd$Z3d%ejd&e"d!e4fd'Z5d%ejd&e"d!e4fd(Z6Gd)d*eZ7Gd+d,e7Z8Gd-d.eZ9Gd/d0e9eZ:dS)1zA sandbox layer that ensures unsafe operations cannot be performed. Useful when the template itself comes from an untrusted source. N)formatter_field_name_split)abc)deque)update_wrapper) Formatter)EscapeFormatter)Markup) Environment) SecurityError)Context) UndefinedF.)boundiUNSAFE_FUNCTION_ATTRIBUTESUNSAFE_METHOD_ATTRIBUTESgi_framegi_codecr_framecr_codeag_codeag_frame)addcleardifference_updatediscardpopremovesymmetric_difference_updateupdate)rrpopitem setdefaultr )appendreverseinsertsortextendr) r# appendleftrr' extendleftrpopleftrrotate _mutable_specargsreturncxt|}t|tkrtdtd|S)zWA range that can't generate ranges with a length of more than MAX_RANGE items. z@Range too big. The sandbox blocks ranges larger than MAX_RANGE (z).)rangelen MAX_RANGE OverflowError)r-rngs 0/usr/lib/python3/dist-packages/jinja2/sandbox.py safe_ranger6WsN ,C 3xx) )$ ) ) )   Jfcd|_|S)zMarks a function or method as unsafe. .. code-block: python @unsafe def delete(self): pass T)unsafe_callable)r8s r5unsafer;fsA Hr7objattrct|tjr |tvrdSnt|tjr|tvs |t vrdSnt|t r |dkrdSnt|tjtjtj frdSt|tj r |tvrdSnuttdr&t|tj r |tvrdSn:ttdr%t|tjr |t vrdS|dS)aTest if the attribute given is an internal python attribute. For example this function returns `True` for the `func_code` attribute of python objects. This is useful if the environment method :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden. >>> from jinja2.sandbox import is_internal_attribute >>> is_internal_attribute(str, "mro") True >>> is_internal_attribute(str, "upper") False Tmro CoroutineTypeAsyncGeneratorType__) isinstancetypes FunctionTyper MethodTypertypeCodeType TracebackType FrameType GeneratorTypeUNSAFE_GENERATOR_ATTRIBUTEShasattrr@UNSAFE_COROUTINE_ATTRIBUTESrA!UNSAFE_ASYNC_GENERATOR_ATTRIBUTES startswith)r<r=s r5is_internal_attributerQssh#u)** - - -4 . C) * * - - -9Q1Q1Q42R C   5==4  C%.%*=uO P P t C, - -  . . .4 /  ( (ZU=P-Q-Q . . .4 / , - -* U %33 4 4 44 ??4  r7cLtD]\}}t||r||vcSdS)aThis function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called. >>> modifies_known_mutable({}, "clear") True >>> modifies_known_mutable({}, "keys") False >>> modifies_known_mutable([], "append") True >>> modifies_known_mutable([], "index") False If called with an unsupported object, ``False`` is returned. >>> modifies_known_mutable("foo", "upper") False F)r,rC)r<r=typespecr;s r5modifies_known_mutablerTsD&*""& c8 $ $ "6> ! ! ! " 5r7c eZdZUdZdZejejejej ej ej ej dZ ejeejejejgejffed<ejejdZejeejejgejffed<eZejeed<eZejeed<d ejd ejd d ffd Zdejdedejd efdZdejd efdZdededejdejd ejf dZ dededejd ejfdZ!dejdej"eejfd ej"eje#ffdZ$dejded ej"eje#ffdZ%dejded e#fdZ&dejd ej'ejdeffd Z(d!ed"ejd ejd ejd ejf d#Z)xZ*S)$SandboxedEnvironmentaThe sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access. If the template tries to access insecure code a :exc:`SecurityError` is raised. However also other exceptions may occur during the rendering so the caller has to ensure that all exceptions are caught. T)+-*/z//z**%default_binop_table)rWrXdefault_unop_tableintercepted_binopsintercepted_unopsr-kwargsr.Nctj|i|t|jd<|j|_|j|_dS)Nr0) super__init__r6globalsr\copy binop_tabler] unop_table)selfr-r` __class__s r5rczSandboxedEnvironment.__init__s\$)&))) * W388::16688r7r<r=valuecN|dpt|| S)aYThe sandboxed environment will call this method to check if the attribute of an object is safe to access. Per default all attributes starting with an underscore are considered private as well as the special attributes of internal python objects as returned by the :func:`is_internal_attribute` function. _)rPrQ)rhr<r=rjs r5is_safe_attributez&SandboxedEnvironment.is_safe_attributes)OOC((L,A#t,L,LMMr7cHt|ddpt|dd S)zCheck if an object is safely callable. By default callables are considered safe unless decorated with :func:`unsafe`. This also recognizes the Django convention of setting ``func.alters_data = True``. r:F alters_data)getattr)rhr<s r5is_safe_callablez%SandboxedEnvironment.is_safe_callables0 C*E 2 2 Xgc=RW6X6X  r7contextoperatorleftrightc0|j|||S)zFor intercepted binary operator calls (:meth:`intercepted_binops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. .. versionadded:: 2.6 )rf)rhrrrsrtrus r5 call_binopzSandboxedEnvironment.call_binop s*t)$666r7argc.|j||S)zFor intercepted unary operator calls (:meth:`intercepted_unops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. .. versionadded:: 2.6 )rg)rhrrrsrxs r5 call_unopzSandboxedEnvironment.call_unops)tx(---r7argumentc ||S#ttf$rt|tr t|} t ||}||}||cYS||||r|cYS|||cYS#t$rYnwxYw#t$rYnwxYwYnwxYw| ||S)z(Subscribe an object from sandboxed code.Nr<name) TypeError LookupErrorrCstrrpwrap_str_formatrmunsafe_undefinedAttributeError Exception undefined)rhr<r{r=rjfmts r5getitemzSandboxedEnvironment.getitem s/ Dx= ;' D D D(C(( DDx==D D 'T 2 2#22599?#&JJJ11#xGG)#(LLL#44S(CCCCC* !D  D$~~#H~555s\ &CB/BC,CC B,)C+B,,C/ B<9C;B<<CC attributecF t||}||}||S||||r|S|||S#t$r% ||cYS#t t f$rYnwxYwYnwxYw|||S)zSubscribe an object from sandboxed code and prefer the attribute. The attribute passed *must* be a bytestring. Nr})rprrmrrrrr)rhr<rrjrs r5rpzSandboxedEnvironment.getattr:s 9C++E&&u--C %%c9e<<  ((i88 8    9~%%%{+      ~~#I~666s5A B %A/,B /BB BB B cp|d|dt|jd||tS)z1Return an undefined object for unsafe attributes.zaccess to attribute z of z object is unsafe.)r~r<exc)rrG__name__r )rhr<rs r5rz%SandboxedEnvironment.unsafe_undefinedNsR~~ 99 9 9S " 9 9 9    r7.ct|tjtjfr |jdvrdS|jtt sdSt|jdkttrt|j }nt|}|j dtjdtjdt ffd }t||S) aIf the given value is a ``str.format`` or ``str.format_map`` method, return a new function than handles sandboxing. This is done at access rather than in :meth:`call`, so that calls made without ``call`` are also sandboxed. )format format_mapNr)escaper-r`r.crN|rtdt|dkr tdt|d|d}d}||S)Nz'format_map() takes no keyword argumentsr z)format_map() takes exactly one argument (z given)r)rr1)r-r`f_self is_format_mapstr_typevformats r5wrapperz5SandboxedEnvironment.wrap_str_format..wrapperss O#$MNNNt99>>#VCIIVVVa8GGFD&99:: :r7)rCrDrFBuiltinMethodTyper__self__rrGr SandboxedEscapeFormatterrSandboxedFormatterrtAnyr)rhrj formatterrrrrrs @@@@r5rz$SandboxedEnvironment.wrap_str_formatXs   E$e&=>    ^#; ; ;4&#&& 4 $V ,6  ff % % 10fmLLLII*400I# ;15 ;AE ;c ; ; ; ; ; ; ; ; ;gu---r7_SandboxedEnvironment__context_SandboxedEnvironment__objcr||st|d|j|g|Ri|S)z#Call an object from sandboxed code.z is not safely callable)rqr call)_SandboxedEnvironment__selfrrr-r`s r5rzSandboxedEnvironment.callsT&&u-- E5 C C CDD Dy~e5d555f555r7)+r __module__ __qualname____doc__ sandboxedrsrsubmultruedivfloordivpowmodr\rDictrCallabler__annotations__posnegr] frozensetr^ FrozenSetr_rcboolrmrqr rwrzUnionrrrprOptionalrr __classcell__ris@r5rVrVsaI \ \ \  l \KKQZ0E%F FG\ \CCsAJw~$>>?&,59;; C(666+4)++q{3'5559ae9qu9999999 NQUN#NaeNNNNN  AE  d      7 7*- 756U 7CD5 7  7 7 7 7..C.ae.....656$%GCJ$76  ! "666647157S7QWQUI=M5N7777( AE c i    *.QU*.qz!*S#X:N/O*.*.*.*.X 6 6u 6u 6 % 6  6 6 6 6 6 6 6 6r7rVcHeZdZdZdejdedejdeffd ZxZ S)ImmutableSandboxedEnvironmentzWorks exactly like the regular `SandboxedEnvironment` but does not permit modifications on the builtin mutable objects `list`, `set`, and `dict` by using the :func:`modifies_known_mutable` function. r<r=rjr.cpt|||sdSt|| S)NF)rbrmrT)rhr<r=rjris r5rmz/ImmutableSandboxedEnvironment.is_safe_attributes9ww((dE:: 5)#t4444r7) rrrrrrrrrmrrs@r5rrsg 5QU5#5ae55555555555r7rc eZdZdedejddffd Zdedejejdej eejfdej ejeffdZ xZ S) renvr`r.Nc H||_tjdi|dS)Nr)_envrbrc)rhrr`ris r5rczSandboxedFormatter.__init__s- ""6"""""r7 field_namer-ct|\}}||||}|D]>\}}|r|j||}#|j||}?||fS)N)r get_valuerrpr) rhrr-r`firstrestr<is_attris r5 get_fieldzSandboxedFormatter.get_fields1<< tnnUD&11 0 0JGQ 0i''Q//i''Q//Ezr7) rrrr rrrcrSequenceMappingTuplerrrs@r5rrs#K#15#T######  %&Z%6 @A #qu*@U           r7rceZdZdS)rN)rrrrr7r5rrsDr7r);rrsrDtypingr_stringr collectionsrcollections.abcr ImportError functoolsrstringr markupsaferr environmentr exceptionsr runtimer rTypeVarrrrr2setrSetrrrrLrNrO MutableSetrMutableMappingMutableSequencer,rTyperintr0r6r;rrQrTrVrrrrr7r5rs ......"%%%%%%%"""!!!!!!!!"$$$$$$&&&&&&$$$$$$%%%%%% AIcCJ/000  *-AE#J...(+suu!%*,,, *95 *95&/ $;!        EEEFF  MMMNN      1(B qwqwqvq{3'778#=>(((V c e      a  A     "!qu"!C"!D"!"!"!"!JST2`6`6`6`6`6;`6`6`6F 5 5 5 5 5$8 5 5 5$     1?     s $ 22