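def match_policy(policy_code, extra, password_meta):
    """Run an admin-defined registration policy and return its verdict.

    ``policy_code`` is executed as Python source and is expected to define
    ``can_register(extra, password_meta)``; the value that function returns
    is handed back unchanged.

    :param policy_code: Python source text of the policy.
    :param extra: forwarded to ``can_register`` as its first argument.
    :param password_meta: forwarded to ``can_register`` as its second argument.
    :return: ``True`` when ``safe_to_run_code()`` is false, otherwise the
        result of ``can_register``.
    :raises NameError: if the policy does not define ``can_register``.
    """
    # SECURITY: exec() runs policy_code with the full privileges of this
    # process. An admin who can edit the policy can therefore run arbitrary
    # code on the dashboard server, so write access to policies must be
    # treated as code-execution access and audited accordingly.
    if not safe_to_run_code():
        # NOTE(review): this fails open -- when code execution is not
        # available the policy is treated as satisfied. Confirm callers only
        # reach this path in trusted deployments; otherwise deny by default.
        return True

    # exec() and eval() must share an explicit namespace: relying on the
    # implicit frame locals stops working on Python 3.13+ (PEP 667), where
    # names created by exec() are no longer visible to a later eval().
    scope = {
        'policy_code': policy_code,
        'extra': extra,
        'password_meta': password_meta,
    }
    exec(policy_code, globals(), scope)
    return eval('can_register(extra, password_meta)', globals(), scope)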
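def match_policy(policy_code, user, item, new_item=None):
    """Run an admin-defined item policy and return its verdict.

    ``policy_code`` is executed as Python source and is expected to define
    ``has_permission`` taking either ``(user, item)`` or
    ``(user, item, new_item)``. The arity is detected with
    ``inspect.signature`` and the matching call is made.

    :param policy_code: Python source text of the policy.
    :param user: forwarded to ``has_permission``.
    :param item: forwarded to ``has_permission``.
    :param new_item: forwarded to three-argument policies; defaults to a
        fresh empty dict.
    :return: ``True`` when ``safe_to_run_code()`` is false; ``False`` when
        ``has_permission`` takes neither two nor three parameters; otherwise
        the result of ``has_permission``.
    :raises NameError: if the policy does not define ``has_permission``.
    """
    # A shared ``{}`` default could be mutated by policy code and leak state
    # from one permission check into the next, so build it per call.
    if new_item is None:
        new_item = {}

    # SECURITY: exec() runs policy_code with the full privileges of this
    # process; whoever can edit a policy can run arbitrary code here.
    if not safe_to_run_code():
        # NOTE(review): this fails open -- when code execution is not
        # available the policy is treated as satisfied. Confirm callers only
        # reach this path in trusted deployments; otherwise deny by default.
        return True

    # exec() and eval() must share an explicit namespace: relying on the
    # implicit frame locals stops working on Python 3.13+ (PEP 667).
    scope = {
        'policy_code': policy_code,
        'user': user,
        'item': item,
        'new_item': new_item,
    }
    exec(policy_code, globals(), scope)

    # ``inspect`` is resolved from the module globals, as in the original.
    params_len = eval(
        'len(inspect.signature(has_permission).parameters)', globals(), scope
    )
    if params_len == 2:
        return eval('has_permission(user, item)', globals(), scope)
    if params_len == 3:
        return eval('has_permission(user, item, new_item)', globals(), scope)
    # Unsupported signature: deny.
    return False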
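def match_has_permission(policy_code, user, user_to_do):
    """Check whether ``user`` may read or write the user ``user_to_do``.

    ``policy_code`` is executed as Python source and is expected to define
    ``has_permission(user, user_to_do)``; its return value is handed back
    unchanged.

    :param policy_code: Python source text of the policy.
    :param user: forwarded to ``has_permission`` as its first argument.
    :param user_to_do: forwarded to ``has_permission`` as its second argument.
    :return: ``True`` when ``safe_to_run_code()`` is false, otherwise the
        result of ``has_permission``.
    :raises NameError: if the policy does not define ``has_permission``.
    """
    # SECURITY: exec() runs policy_code with the full privileges of this
    # process; whoever can edit a policy can run arbitrary code here.
    if not safe_to_run_code():
        # NOTE(review): this fails open -- when code execution is not
        # available the permission is granted. Confirm callers only reach
        # this path in trusted deployments; otherwise deny by default.
        return True

    # exec() and eval() must share an explicit namespace: relying on the
    # implicit frame locals stops working on Python 3.13+ (PEP 667), where
    # names created by exec() are no longer visible to a later eval().
    scope = {
        'policy_code': policy_code,
        'user': user,
        'user_to_do': user_to_do,
    }
    exec(policy_code, globals(), scope)
    return eval('has_permission(user, user_to_do)', globals(), scope)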
def do(data, resource):
    """Build a requirements zip from ``package_text`` and upload it.

    :param data: request payload; ``data['params']['package_text']`` is read.
    :param resource: object whose ``file_upload_bin(file_id, binary)`` stores
        the generated archive.
    :return: an error dict (``success``/``error``) when code may not run here
        or ``package_text`` is missing or empty; otherwise a dict with
        ``zip_file_id`` and ``response_stdout``.
    """
    # Fails closed: nothing is generated unless the environment allows it.
    if not env.safe_to_run_code():
        return {
            'success': False,
            'error': error.CANNOT_RUN_ON_NON_SERVERLESS,
        }

    package_text = data['params'].get('package_text')
    if not package_text:
        return {
            'success': False,
            'error': error.REQUIRED_PARAMS_NOT_EXIST,
        }

    # NOTE(review): package_text comes from the request and reaches
    # generate_requirements_zipfile unchanged; confirm that helper validates
    # or constrains its input. Its stdout is also returned to the caller --
    # verify it cannot disclose details of the build host.
    zip_file_id = uuid()
    zip_file_bin, build_stdout = generate_requirements_zipfile(package_text)
    resource.file_upload_bin(zip_file_id, zip_file_bin)

    return {
        'zip_file_id': zip_file_id,
        'response_stdout': build_stdout,
    }
def run(self) -> None: print('Starting httpd...\n') try: self.can_run_subprocess = True self.httpd.serve_forever() except KeyboardInterrupt: pass self.httpd.server_close() print('Stopping httpd...') def stop(self): self.httpd.server_close() if env.safe_to_run_code(): server_thread = ServerThread() server_thread.start() else: print('NOT SAFE TO RUN LOCAL SERVER TO RUN CODE') # --- end of localhost server --- CALLABLE_MODULE_WHITE_LIST = { # auth 'cloud.auth.attach_group_permission', 'cloud.auth.attach_user_group', 'cloud.auth.detach_user_group', 'cloud.auth.change_password', 'cloud.auth.change_password_admin', 'cloud.auth.delete_sessions',
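def match_policy(policy_code, user, item):
    """Run an admin-defined item policy and return its verdict.

    ``policy_code`` is executed as Python source and is expected to define
    ``has_permission(user, item)``; its return value is handed back
    unchanged.

    :param policy_code: Python source text of the policy.
    :param user: forwarded to ``has_permission`` as its first argument.
    :param item: forwarded to ``has_permission`` as its second argument.
    :return: ``True`` when ``safe_to_run_code()`` is false, otherwise the
        result of ``has_permission``.
    :raises NameError: if the policy does not define ``has_permission``.
    """
    # SECURITY: exec() runs policy_code with the full privileges of this
    # process; whoever can edit a policy can run arbitrary code here.
    if not safe_to_run_code():
        # NOTE(review): this fails open -- when code execution is not
        # available the policy is treated as satisfied. Confirm callers only
        # reach this path in trusted deployments; otherwise deny by default.
        return True

    # exec() and eval() must share an explicit namespace: relying on the
    # implicit frame locals stops working on Python 3.13+ (PEP 667), where
    # names created by exec() are no longer visible to a later eval().
    scope = {
        'policy_code': policy_code,
        'user': user,
        'item': item,
    }
    exec(policy_code, globals(), scope)
    return eval('has_permission(user, item)', globals(), scope)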