123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428 |
- """A sandbox layer that ensures unsafe operations cannot be performed.
- Useful when the template itself comes from an untrusted source.
- """
- import operator
- import types
- import typing as t
- from _string import formatter_field_name_split # type: ignore
- from collections import abc
- from collections import deque
- from string import Formatter
- from markupsafe import EscapeFormatter
- from markupsafe import Markup
- from .environment import Environment
- from .exceptions import SecurityError
- from .runtime import Context
- from .runtime import Undefined
- F = t.TypeVar("F", bound=t.Callable[..., t.Any])
- #: maximum number of items a range may produce
- MAX_RANGE = 100000
- #: Unsafe function attributes.
- UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
- #: Unsafe method attributes. Function attributes are unsafe for methods too.
- UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
- #: unsafe generator attributes.
- UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
- #: unsafe attributes on coroutines
- UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
- #: unsafe attributes on async generators
- UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
- _mutable_spec: t.Tuple[t.Tuple[t.Type, t.FrozenSet[str]], ...] = (
- (
- abc.MutableSet,
- frozenset(
- [
- "add",
- "clear",
- "difference_update",
- "discard",
- "pop",
- "remove",
- "symmetric_difference_update",
- "update",
- ]
- ),
- ),
- (
- abc.MutableMapping,
- frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
- ),
- (
- abc.MutableSequence,
- frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
- ),
- (
- deque,
- frozenset(
- [
- "append",
- "appendleft",
- "clear",
- "extend",
- "extendleft",
- "pop",
- "popleft",
- "remove",
- "rotate",
- ]
- ),
- ),
- )
- def inspect_format_method(callable: t.Callable) -> t.Optional[str]:
- if not isinstance(
- callable, (types.MethodType, types.BuiltinMethodType)
- ) or callable.__name__ not in ("format", "format_map"):
- return None
- obj = callable.__self__
- if isinstance(obj, str):
- return obj
- return None
- def safe_range(*args: int) -> range:
- """A range that can't generate ranges with a length of more than
- MAX_RANGE items.
- """
- rng = range(*args)
- if len(rng) > MAX_RANGE:
- raise OverflowError(
- "Range too big. The sandbox blocks ranges larger than"
- f" MAX_RANGE ({MAX_RANGE})."
- )
- return rng
- def unsafe(f: F) -> F:
- """Marks a function or method as unsafe.
- .. code-block: python
- @unsafe
- def delete(self):
- pass
- """
- f.unsafe_callable = True # type: ignore
- return f
- def is_internal_attribute(obj: t.Any, attr: str) -> bool:
- """Test if the attribute given is an internal python attribute. For
- example this function returns `True` for the `func_code` attribute of
- python objects. This is useful if the environment method
- :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
- >>> from jinja2.sandbox import is_internal_attribute
- >>> is_internal_attribute(str, "mro")
- True
- >>> is_internal_attribute(str, "upper")
- False
- """
- if isinstance(obj, types.FunctionType):
- if attr in UNSAFE_FUNCTION_ATTRIBUTES:
- return True
- elif isinstance(obj, types.MethodType):
- if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
- return True
- elif isinstance(obj, type):
- if attr == "mro":
- return True
- elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
- return True
- elif isinstance(obj, types.GeneratorType):
- if attr in UNSAFE_GENERATOR_ATTRIBUTES:
- return True
- elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
- if attr in UNSAFE_COROUTINE_ATTRIBUTES:
- return True
- elif hasattr(types, "AsyncGeneratorType") and isinstance(
- obj, types.AsyncGeneratorType
- ):
- if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
- return True
- return attr.startswith("__")
- def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
- """This function checks if an attribute on a builtin mutable object
- (list, dict, set or deque) or the corresponding ABCs would modify it
- if called.
- >>> modifies_known_mutable({}, "clear")
- True
- >>> modifies_known_mutable({}, "keys")
- False
- >>> modifies_known_mutable([], "append")
- True
- >>> modifies_known_mutable([], "index")
- False
- If called with an unsupported object, ``False`` is returned.
- >>> modifies_known_mutable("foo", "upper")
- False
- """
- for typespec, unsafe in _mutable_spec:
- if isinstance(obj, typespec):
- return attr in unsafe
- return False
- class SandboxedEnvironment(Environment):
- """The sandboxed environment. It works like the regular environment but
- tells the compiler to generate sandboxed code. Additionally subclasses of
- this environment may override the methods that tell the runtime what
- attributes or functions are safe to access.
- If the template tries to access insecure code a :exc:`SecurityError` is
- raised. However also other exceptions may occur during the rendering so
- the caller has to ensure that all exceptions are caught.
- """
- sandboxed = True
- #: default callback table for the binary operators. A copy of this is
- #: available on each instance of a sandboxed environment as
- #: :attr:`binop_table`
- default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
- "+": operator.add,
- "-": operator.sub,
- "*": operator.mul,
- "/": operator.truediv,
- "//": operator.floordiv,
- "**": operator.pow,
- "%": operator.mod,
- }
- #: default callback table for the unary operators. A copy of this is
- #: available on each instance of a sandboxed environment as
- #: :attr:`unop_table`
- default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
- "+": operator.pos,
- "-": operator.neg,
- }
- #: a set of binary operators that should be intercepted. Each operator
- #: that is added to this set (empty by default) is delegated to the
- #: :meth:`call_binop` method that will perform the operator. The default
- #: operator callback is specified by :attr:`binop_table`.
- #:
- #: The following binary operators are interceptable:
- #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
- #:
- #: The default operation form the operator table corresponds to the
- #: builtin function. Intercepted calls are always slower than the native
- #: operator call, so make sure only to intercept the ones you are
- #: interested in.
- #:
- #: .. versionadded:: 2.6
- intercepted_binops: t.FrozenSet[str] = frozenset()
- #: a set of unary operators that should be intercepted. Each operator
- #: that is added to this set (empty by default) is delegated to the
- #: :meth:`call_unop` method that will perform the operator. The default
- #: operator callback is specified by :attr:`unop_table`.
- #:
- #: The following unary operators are interceptable: ``+``, ``-``
- #:
- #: The default operation form the operator table corresponds to the
- #: builtin function. Intercepted calls are always slower than the native
- #: operator call, so make sure only to intercept the ones you are
- #: interested in.
- #:
- #: .. versionadded:: 2.6
- intercepted_unops: t.FrozenSet[str] = frozenset()
- def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
- super().__init__(*args, **kwargs)
- self.globals["range"] = safe_range
- self.binop_table = self.default_binop_table.copy()
- self.unop_table = self.default_unop_table.copy()
- def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
- """The sandboxed environment will call this method to check if the
- attribute of an object is safe to access. Per default all attributes
- starting with an underscore are considered private as well as the
- special attributes of internal python objects as returned by the
- :func:`is_internal_attribute` function.
- """
- return not (attr.startswith("_") or is_internal_attribute(obj, attr))
- def is_safe_callable(self, obj: t.Any) -> bool:
- """Check if an object is safely callable. By default callables
- are considered safe unless decorated with :func:`unsafe`.
- This also recognizes the Django convention of setting
- ``func.alters_data = True``.
- """
- return not (
- getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
- )
- def call_binop(
- self, context: Context, operator: str, left: t.Any, right: t.Any
- ) -> t.Any:
- """For intercepted binary operator calls (:meth:`intercepted_binops`)
- this function is executed instead of the builtin operator. This can
- be used to fine tune the behavior of certain operators.
- .. versionadded:: 2.6
- """
- return self.binop_table[operator](left, right)
- def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
- """For intercepted unary operator calls (:meth:`intercepted_unops`)
- this function is executed instead of the builtin operator. This can
- be used to fine tune the behavior of certain operators.
- .. versionadded:: 2.6
- """
- return self.unop_table[operator](arg)
- def getitem(
- self, obj: t.Any, argument: t.Union[str, t.Any]
- ) -> t.Union[t.Any, Undefined]:
- """Subscribe an object from sandboxed code."""
- try:
- return obj[argument]
- except (TypeError, LookupError):
- if isinstance(argument, str):
- try:
- attr = str(argument)
- except Exception:
- pass
- else:
- try:
- value = getattr(obj, attr)
- except AttributeError:
- pass
- else:
- if self.is_safe_attribute(obj, argument, value):
- return value
- return self.unsafe_undefined(obj, argument)
- return self.undefined(obj=obj, name=argument)
- def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
- """Subscribe an object from sandboxed code and prefer the
- attribute. The attribute passed *must* be a bytestring.
- """
- try:
- value = getattr(obj, attribute)
- except AttributeError:
- try:
- return obj[attribute]
- except (TypeError, LookupError):
- pass
- else:
- if self.is_safe_attribute(obj, attribute, value):
- return value
- return self.unsafe_undefined(obj, attribute)
- return self.undefined(obj=obj, name=attribute)
- def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
- """Return an undefined object for unsafe attributes."""
- return self.undefined(
- f"access to attribute {attribute!r} of"
- f" {type(obj).__name__!r} object is unsafe.",
- name=attribute,
- obj=obj,
- exc=SecurityError,
- )
- def format_string(
- self,
- s: str,
- args: t.Tuple[t.Any, ...],
- kwargs: t.Dict[str, t.Any],
- format_func: t.Optional[t.Callable] = None,
- ) -> str:
- """If a format call is detected, then this is routed through this
- method so that our safety sandbox can be used for it.
- """
- formatter: SandboxedFormatter
- if isinstance(s, Markup):
- formatter = SandboxedEscapeFormatter(self, escape=s.escape)
- else:
- formatter = SandboxedFormatter(self)
- if format_func is not None and format_func.__name__ == "format_map":
- if len(args) != 1 or kwargs:
- raise TypeError(
- "format_map() takes exactly one argument"
- f" {len(args) + (kwargs is not None)} given"
- )
- kwargs = args[0]
- args = ()
- rv = formatter.vformat(s, args, kwargs)
- return type(s)(rv)
- def call(
- __self, # noqa: B902
- __context: Context,
- __obj: t.Any,
- *args: t.Any,
- **kwargs: t.Any,
- ) -> t.Any:
- """Call an object from sandboxed code."""
- fmt = inspect_format_method(__obj)
- if fmt is not None:
- return __self.format_string(fmt, args, kwargs, __obj)
- # the double prefixes are to avoid double keyword argument
- # errors when proxying the call.
- if not __self.is_safe_callable(__obj):
- raise SecurityError(f"{__obj!r} is not safely callable")
- return __context.call(__obj, *args, **kwargs)
- class ImmutableSandboxedEnvironment(SandboxedEnvironment):
- """Works exactly like the regular `SandboxedEnvironment` but does not
- permit modifications on the builtin mutable objects `list`, `set`, and
- `dict` by using the :func:`modifies_known_mutable` function.
- """
- def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
- if not super().is_safe_attribute(obj, attr, value):
- return False
- return not modifies_known_mutable(obj, attr)
- class SandboxedFormatter(Formatter):
- def __init__(self, env: Environment, **kwargs: t.Any) -> None:
- self._env = env
- super().__init__(**kwargs) # type: ignore
- def get_field(
- self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
- ) -> t.Tuple[t.Any, str]:
- first, rest = formatter_field_name_split(field_name)
- obj = self.get_value(first, args, kwargs)
- for is_attr, i in rest:
- if is_attr:
- obj = self._env.getattr(obj, i)
- else:
- obj = self._env.getitem(obj, i)
- return obj, first
- class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
- pass
|