fix: replace eval mechanism with builtins to prevent security vulnerabilities

2026-05-28 20:09:36 +08:00 · 2019-04-24 15:43:57 +08:00
parent a1147bc575
commit a3cc072c36
4 changed files with 14 additions and 6 deletions
--- a/tests/test_parser.py
+++ b/tests/test_parser.py
@@ -437,6 +437,10 @@ class TestParserBasic(unittest.TestCase):
        self.assertEqual(var._string, "ABC{}{}")
        self.assertEqual(var.to_value(variables_mapping), "ABCTrueabc123")

+        # Python builtin functions
+        var = parser.LazyString("ABC${ord(a)}DEF${len(abcd)}", functions_mapping, check_variables_set)
+        self.assertEqual(var._string, "ABC{}DEF{}")
+        self.assertEqual(var.to_value(variables_mapping), "ABC97DEF4")

    def test_parse_variable(self):
        """ variable format ${var} and $var