def check(self, fn, var):
"""check function doesn't contain dangerous code.
fn: function
var: function is a variable of this
raises a RuntimeError(msg) if a problem
"""
fn = fn.strip()
if self.cachedfunc != fn or self.cachedvar != var:
checked = utils.checkCode(fn)
if checked is not None:
try:
msg = checked[0][0]
except Exception:
msg = ''
raise RuntimeError(msg)
self.cachedfunc = fn
self.cachedvar = var
try:
# compile code
self.compiled = compile(fn, '<string>', 'eval')
except Exception, e:
raise RuntimeError(e)
def check(self, fn, var):
"""check function doesn't contain dangerous code.
fn: function
var: function is a variable of this
raises a RuntimeError(msg) if a problem
"""
fn = fn.strip()
if self.cachedfunc != fn or self.cachedvar != var:
checked = utils.checkCode(fn)
if checked is not None:
try:
msg = checked[0][0]
except Exception:
msg = ''
raise RuntimeError(msg)
self.cachedfunc = fn
self.cachedvar = var
try:
# compile code
self.compiled = compile(fn, '<string>', 'eval')
except Exception, e:
raise RuntimeError(e)
def _updateEvalContextFuncOrConst(self, ctype, name, val):
"""Update a function or constant in eval function context."""
if ctype == 'constant':
if not identifier_re.match(name):
self.log(_("Invalid constant name '%s'") % name)
return
defn = val
elif ctype == 'function':
m = function_re.match(name)
if not m:
self.log(_("Invalid function specification '%s'") % name)
return
name = m.group(1)
args = m.group(2)
defn = 'lambda %s: %s' % (args, val)
# evaluate, but we ignore any unsafe commands or exceptions
checked = utils.checkCode(defn)
if checked is not None:
self.log(_("Expression '%s' failed safe code test") % defn)
return
try:
self.eval_context[name] = eval(defn, self.eval_context)
except Exception, e:
self.log(_("Error evaluating '%s': '%s'") % (name, unicode(e)))
def _updateEvalContextFuncOrConst(self, ctype, name, val):
"""Update a function or constant in eval function context."""
if ctype == 'constant':
if not identifier_re.match(name):
self.log( "Invalid constant name '%s'" % name )
return
defn = val
elif ctype == 'function':
m = function_re.match(name)
if not m:
self.log( "Invalid function specification '%s'" % name )
return
name = funcname = m.group(1)
args = m.group(2)
defn = 'lambda %s: %s' % (args, val)
# evaluate, but we ignore any unsafe commands or exceptions
checked = utils.checkCode(defn)
if checked is not None:
self.log( "Expression '%s' failed safe code test" %
defn )
return
try:
self.eval_context[name] = eval(defn, self.eval_context)
except Exception, e:
self.log( "Error evaluating '%s': '%s'" %
(name, unicode(e)) )
# read script
try:
script = open(filename, 'rU').read()
except IOError, e:
qt4.QApplication.restoreOverrideCursor()
qt4.QMessageBox.warning(self, "Cannot open document",
"Cannot open the document '%s'\n"
"\n%s (error %i)" % (filename,
e.strerror, e.errno))
return
# check code for any security issues
ignore_unsafe = setting.transient_settings['unsafe_mode']
if not ignore_unsafe:
errors = utils.checkCode(script, securityonly=True)
if errors:
qt4.QApplication.restoreOverrideCursor()
if ( self._unsafeCmdMsgBox(self, filename).exec_() ==
qt4.QMessageBox.No ):
return
ignore_unsafe = True # allow unsafe veusz commands below
# set up environment to run script
env = self.document.eval_context.copy()
interface = document.CommandInterface(self.document)
# allow safe commands as-is
for cmd in interface.safe_commands:
env[cmd] = getattr(interface, cmd)
