File CVE-2023-33733-code-injection.patch of Package python-reportlab.30899
---
src/reportlab/lib/colors.py | 51 +++++++++++++++++++++++++++-----------
src/reportlab/lib/rl_safe_eval.py | 4 ++
tests/test_lib_rl_safe_eval.py | 2 -
3 files changed, 41 insertions(+), 16 deletions(-)
--- a/src/reportlab/lib/colors.py
+++ b/src/reportlab/lib/colors.py
@@ -859,20 +859,43 @@ class toColor:
C = getAllNamedColors()
s = arg.lower()
if s in C: return C[s]
- G = C.copy()
- G.update(self.extraColorsNS)
- if not self._G:
- C = globals()
- self._G = {s:C[s] for s in '''Blacker CMYKColor CMYKColorSep Color ColorType HexColor PCMYKColor PCMYKColorSep Whiter
- _chooseEnforceColorSpace _enforceCMYK _enforceError _enforceRGB _enforceSEP _enforceSEP_BLACK
- _enforceSEP_CMYK _namedColors _re_css asNative cmyk2rgb cmykDistance color2bw colorDistance
- cssParse describe fade fp_str getAllNamedColors hsl2rgb hue2rgb isStr linearlyInterpolatedColor
- literal_eval obj_R_G_B opaqueColor rgb2cmyk setColors toColor toColorOrNone'''.split()}
- G.update(self._G)
- try:
- return toColor(rl_safe_eval(arg, g=G, l={}))
- except:
- pass
+ if True: #*TODO* replace with rl_config option
+ G = C.copy()
+ G.update(self.extraColorsNS)
+ if not self._G:
+ C = globals()
+ self._G = {s:C[s] for s in '''Blacker CMYKColor CMYKColorSep Color ColorType HexColor PCMYKColor PCMYKColorSep Whiter
+ _chooseEnforceColorSpace _enforceCMYK _enforceError _enforceRGB _enforceSEP _enforceSEP_BLACK
+ _enforceSEP_CMYK _namedColors _re_css asNative cmyk2rgb cmykDistance color2bw colorDistance
+ cssParse describe fade fp_str getAllNamedColors hsl2rgb hue2rgb isStr linearlyInterpolatedColor
+ literal_eval obj_R_G_B opaqueColor rgb2cmyk setColors toColor toColorOrNone'''.split()}
+ G.update(self._G)
+ try:
+ import ast
+ try:
+ return toColor(ast.literal_eval(arg))
+ except:
+ ##################################################################################
+ import re
+ allowedColorClasses = '''Color CMYKColor PCMYKColor CMYKColorSep PCMYKColorSep'''
+ def get_class_instance(class_string):
+ pattern = r'^(\w+)\((.*)\)$'
+ match = re.match(pattern, class_string)
+ if match:
+ class_name = match.group(1)
+ args_str = match.group(2)
+ args = [int(x) if x.isdigit() else x for x in args_str.split(',')]
+ if class_name in allowedColorClasses:
+ class_obj = globals().get(class_name)
+ instance = class_obj(*args)
+ return instance
+ raise ValueError('Invalid color object %r' % (class_name))
+ ###################################################################################
+ inst = get_class_instance(arg)
+ if inst is not None:
+ return inst
+ except:
+ pass
try:
return HexColor(arg)
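Review bot: The argument conversion in get_class_instance, `args = [int(x) if x.isdigit() else x for x in args_str.split(',')]`, only converts unsigned integer tokens, so `Color(0.5, 0.2, 0.1)`, negative values and tokens with surrounding whitespace reach the class constructor as raw strings, and `class_name in allowedColorClasses` is a substring test on a space-separated string rather than membership in a set. Since `ast` is already imported a few lines above, the argument list can be parsed as a tuple literal with `ast.literal_eval`, which accepts ints, floats, negatives and quoted strings without evaluating code, and the allow-list can become a `frozenset`. The `G`/`self._G` dictionaries built at the top of the new branch are no longer read now that the `rl_safe_eval` call is gone and look like dead code. A test that `toColor('Color(1,0,0)')` and `toColor('Color(0.5,0.5,0.5)')` produce the expected colors would pin the new parsing path, which this patch leaves uncovered; the enclosing toColor method continues past the end of the hunk.
```python
allowedColorClasses = frozenset('Color CMYKColor PCMYKColor CMYKColorSep PCMYKColorSep'.split())
def get_class_instance(class_string):
    match = re.match(r'^(\w+)\((.*)\)$', class_string.strip())
    if not match:
        return None
    class_name, args_str = match.group(1), match.group(2)
    if class_name not in allowedColorClasses:
        raise ValueError('Invalid color object %r' % (class_name,))
    # Parse the argument list as a tuple literal: ints, floats, negatives and
    # quoted strings are accepted, but nothing is evaluated as code.
    args = ast.literal_eval('(%s,)' % args_str) if args_str.strip() else ()
    return globals()[class_name](*args)
# … unchanged: inst = get_class_instance(arg) and the checks that follow …
```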
--- a/src/reportlab/lib/rl_safe_eval.py
+++ b/src/reportlab/lib/rl_safe_eval.py
@@ -60,7 +60,9 @@ __rl_unsafe__ = frozenset('''builtins br
func_doc func_globals func_name gi_code gi_frame gi_running gi_yieldfrom
__globals__ im_class im_func im_self __iter__ __kwdefaults__ __module__
__name__ next __qualname__ __self__ tb_frame tb_lasti tb_lineno tb_next
- globals vars locals'''.split()
+ globals vars locals
+ type eval exec aiter anext classmethod compile dir open
+ dir print classmethod staticmethod __import__ super property'''.split()
)
__rl_unsafe_re__ = re.compile(r'\b(?:%s)' % '|'.join(__rl_unsafe__),re.M)
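Review bot: `dir` and `classmethod` appear on both of the two added lines, so the new entries are duplicated; harmless inside a frozenset, but worth trimming. More importantly, `__rl_unsafe_re__` on the last context line anchors only with a leading `\b`, so if that regex is applied to source text the newly added short words will match any identifier that merely starts with them (`type` would hit `typeface`, `open` would hit `opening`, `super` would hit `superscript`); a trailing anchor, `__rl_unsafe_re__ = re.compile(r'\b(?:%s)\b' % '|'.join(__rl_unsafe__),re.M)`, keeps the match to whole names if that is the intent. I cannot see where the regex is consumed from this hunk, so confirm against its callers before changing it. A denylist of builtins is also fragile by construction; an allowlist of the few builtins the evaluator actually needs would be a more durable follow-up.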
--- a/tests/test_lib_rl_safe_eval.py
+++ b/tests/test_lib_rl_safe_eval.py
@@ -52,7 +52,6 @@ class SafeEvalTestSequenceMeta(type):
'dict(a=1).get("a",2)',
'dict(a=1).pop("a",2)',
'{"_":1+_ for _ in (1,2)}.pop(1,None)',
- '(type(1),type(str),type(testObj),type(TestClass))',
'1 if True else "a"',
'1 if False else "a"',
'testFunc(bad=False)',
@@ -77,6 +76,7 @@ class SafeEvalTestSequenceMeta(type):
(
'fail',
(
+ '(type(1),type(str),type(testObj),type(TestClass))',
'open("/tmp/myfile")',
None if isPy3 else 'file("/tmp/myfile")',
'SafeEvalTestCase.__module__',
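Review bot: The only coverage added for the enlarged `__rl_unsafe__` set is the `type(...)` expression moved from the pass list into this fail list; none of the other names added in the rl_safe_eval.py hunk (`eval`, `exec`, `compile`, `__import__`, `super`, `property`, `classmethod`, `staticmethod`) get a fail case, while `open` is already exercised by the next entry. Adding one fail entry per new name, for example `'eval("1")',` and `'compile("1","","eval")',`, would pin the denylist change and catch a regression if an entry is later dropped. The tuple of fail cases continues past the end of the hunk.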