Merge pull request from GHSA-g7vv-2v7x-gj9p

cli: eval safety
This commit is contained in:
Casper da Costa-Luis 2024-05-02 22:35:59 +01:00 committed by GitHub
commit 4e613f84ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 11 deletions

View File

@ -21,23 +21,34 @@ def cast(val, typ):
return cast(val, t) return cast(val, t)
except TqdmTypeError: except TqdmTypeError:
pass pass
raise TqdmTypeError(val + ' : ' + typ) raise TqdmTypeError(f"{val} : {typ}")
# sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n') # sys.stderr.write('\ndebug | `val:type`: `' + val + ':' + typ + '`.\n')
if typ == 'bool': if typ == 'bool':
if (val == 'True') or (val == ''): if (val == 'True') or (val == ''):
return True return True
elif val == 'False': if val == 'False':
return False return False
else: raise TqdmTypeError(val + ' : ' + typ)
raise TqdmTypeError(val + ' : ' + typ) if typ == 'chr':
try: if len(val) == 1:
return eval(typ + '("' + val + '")') return val.encode()
except Exception: if re.match(r"^\\\w+$", val):
if typ == 'chr': return eval(f'"{val}"').encode()
return chr(ord(eval('"' + val + '"'))).encode() raise TqdmTypeError(f"{val} : {typ}")
else: if typ == 'str':
raise TqdmTypeError(val + ' : ' + typ) return val
if typ == 'int':
try:
return int(val)
except ValueError as exc:
raise TqdmTypeError(f"{val} : {typ}") from exc
if typ == 'float':
try:
return float(val)
except ValueError as exc:
raise TqdmTypeError(f"{val} : {typ}") from exc
raise TqdmTypeError(f"{val} : {typ}")
def posix_pipe(fin, fout, delim=b'\\n', buf_size=256, def posix_pipe(fin, fout, delim=b'\\n', buf_size=256,