Are there any security exploits that could occur in this scenario:
eval(repr(unsanitized_user_input), {"__builtins__": None}, {"True":True, "False":False})
where unsanitized_user_input is a str object. The string is user-generated and could be nasty. Assuming our web framework hasn’t failed us, it’s a real honest-to-god str instance from the Python builtins.
If this is dangerous, can we do anything to the input to make it safe?
We definitely don’t want to execute anything contained in the string.
See also:
The larger context which is (I believe) not essential to the question is that we have thousands of these:
repr([unsanitized_user_input_1,
unsanitized_user_input_2,
unsanitized_user_input_3,
unsanitized_user_input_4,
...])
in some cases nested:
repr([[unsanitized_user_input_1,
unsanitized_user_input_2],
[unsanitized_user_input_3,
unsanitized_user_input_4],
...])
which are themselves converted to strings with repr(), put in persistent storage, and eventually read back into memory with eval.
Eval deserialized the strings from persistent storage much faster than pickle and simplejson. The interpreter is Python 2.5 so json and ast aren’t available. No C modules are allowed and cPickle is not allowed.
It is indeed dangerous and the safest alternative is
ast.literal_eval(see the ast module in the standard library). You can of course build and alter anastto provide e.g. evaluation of variables and the like before you eval the resulting AST (when it’s down to literals).The possible exploit of
evalstarts with any object it can get its hands on (sayTruehere) and going via .__class_ to its type object, etc. up toobject, then gets its subclasses… basically it can get to ANY object type and wreck havoc. I can be more specific but I’d rather not do it in a public forum (the exploit is well known, but considering how many people still ignore it, revealing it to wannabe script kiddies could make things worse… just avoidevalon unsanitized user input and live happily ever after!-).