File CVE-2023-33733-code-injection.patch of Package python-reportlab

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-33733-code-injection.patch of Package python-reportlab

---
 src/reportlab/lib/colors.py       |   51 +++++++++++++++++++++++++++-----------
 src/reportlab/lib/rl_safe_eval.py |    4 ++
 tests/test_lib_rl_safe_eval.py    |    2 -
 3 files changed, 41 insertions(+), 16 deletions(-)

--- a/src/reportlab/lib/colors.py
+++ b/src/reportlab/lib/colors.py
@@ -847,20 +847,43 @@ class toColor:
             C = getAllNamedColors()
             s = arg.lower()
             if s in C: return C[s]
-            G = C.copy()
-            G.update(self.extraColorsNS)
-            if not self._G:
-                C = globals()
-                self._G = {s:C[s] for s in '''Blacker CMYKColor CMYKColorSep Color ColorType HexColor PCMYKColor PCMYKColorSep Whiter
-                    _chooseEnforceColorSpace _enforceCMYK _enforceError _enforceRGB _enforceSEP _enforceSEP_BLACK
-                    _enforceSEP_CMYK _namedColors _re_css cmyk2rgb cmykDistance color2bw colorDistance
-                    cssParse describe fade fp_str getAllNamedColors hsl2rgb hue2rgb linearlyInterpolatedColor
-                    obj_R_G_B rgb2cmyk setColors toColor toColorOrNone'''.split()}
-            G.update(self._G)
-            try:
-                return toColor(rl_safe_eval(arg,g=G,l={}))
-            except:
-                pass
+            if True:    #*TODO* replace with rl_config option
+                G = C.copy()
+                G.update(self.extraColorsNS)
+                if not self._G:
+                    C = globals()
+                    self._G = {s:C[s] for s in '''Blacker CMYKColor CMYKColorSep Color ColorType HexColor PCMYKColor PCMYKColorSep Whiter
+                        _chooseEnforceColorSpace _enforceCMYK _enforceError _enforceRGB _enforceSEP _enforceSEP_BLACK
+                        _enforceSEP_CMYK _namedColors _re_css asNative cmyk2rgb cmykDistance color2bw colorDistance
+                        cssParse describe fade fp_str getAllNamedColors hsl2rgb hue2rgb isStr linearlyInterpolatedColor
+                        literal_eval obj_R_G_B opaqueColor rgb2cmyk setColors toColor toColorOrNone'''.split()}
+                G.update(self._G)
+                try:
+                    import ast
+                    try:
+                        return toColor(ast.literal_eval(arg))
+                    except:
+                        ##################################################################################
+                        import re
+                        allowedColorClasses = '''Color CMYKColor PCMYKColor CMYKColorSep PCMYKColorSep'''
+                        def get_class_instance(class_string):
+                            pattern = r'^(\w+)$(.*)$$'
+                            match = re.match(pattern, class_string)
+                            if match:
+                                class_name = match.group(1)
+                                args_str = match.group(2)
+                                args = [int(x) if x.isdigit() else x for x in args_str.split(',')]
+                                if class_name in allowedColorClasses:
+                                    class_obj = globals().get(class_name)
+                                    instance = class_obj(*args)
+                                    return instance
+                                raise ValueError('Invalid color object %r' % (class_name))
+                        ###################################################################################
+                        inst = get_class_instance(arg)
+                        if inst is not None:
+                            return inst
+                except:
+                    pass
 
         try:
             return HexColor(arg)
--- a/src/reportlab/lib/rl_safe_eval.py
+++ b/src/reportlab/lib/rl_safe_eval.py
@@ -60,7 +60,9 @@ __rl_unsafe__ = frozenset('''builtins br
 						func_doc func_globals func_name gi_code gi_frame gi_running gi_yieldfrom
 						__globals__ im_class im_func im_self __iter__ __kwdefaults__ __module__
 						__name__ next __qualname__ __self__ tb_frame tb_lasti tb_lineno tb_next
-						globals vars locals'''.split()
+						globals vars locals
+						type eval exec aiter anext classmethod compile dir open
+						dir print classmethod staticmethod __import__ super property'''.split()
 						)
 __rl_unsafe_re__ = re.compile(r'\b(?:%s)' % '|'.join(__rl_unsafe__),re.M)
 
--- a/tests/test_lib_rl_safe_eval.py
+++ b/tests/test_lib_rl_safe_eval.py
@@ -52,7 +52,6 @@ class SafeEvalTestSequenceMeta(type):
                 'dict(a=1).get("a",2)',
                 'dict(a=1).pop("a",2)',
                 '{"_":1+_ for _ in (1,2)}.pop(1,None)',
-                '(type(1),type(str),type(testObj),type(TestClass))',
                 '1 if True else "a"',
                 '1 if False else "a"',
                 'testFunc(bad=False)',
@@ -77,6 +76,7 @@ class SafeEvalTestSequenceMeta(type):
                 (
                 'fail',
                 (
+                '(type(1),type(str),type(testObj),type(TestClass))',
                 'open("/tmp/myfile")',
                 None if isPy3 else 'file("/tmp/myfile")',
                 'SafeEvalTestCase.__module__',

Places

File CVE-2023-33733-code-injection.patch of Package python-reportlab

Places