add restrictions in restricted mode

2025-08-31 22:18:28 +00:00 · 1995-01-10 10:39:49 +00:00 · 1995-01-10 10:39:49 +00:00 · 10393b1708
commit 10393b1708
parent c113482871
3 changed files with 45 additions and 25 deletions
--- a/Objects/classobject.c
+++ b/Objects/classobject.c
@ -116,7 +116,13 @@ class_getattr(op, name)
 {
 	register object *v;
 	classobject *class;
+	if (name[0] == '_' && name[1] == '_') {
 		if (strcmp(name, "__dict__") == 0) {
+			if (getrestricted()) {
+				err_setstr(RuntimeError,
+					   "class.__dict__ not accessible in restricted mode");
+				return NULL;
+			}
 			INCREF(op->cl_dict);
 			return op->cl_dict;
 		}
@ -132,6 +138,7 @@ class_getattr(op, name)
 			INCREF(v);
 			return v;
 		}
+	}
 	v = class_lookup(op, name, &class);
 	if (v == NULL) {
 		err_setstr(AttributeError, name);
@ -365,6 +372,11 @@ instance_getattr1(inst, name)
 	classobject *class;
 	if (name[0] == '_' && name[1] == '_') {
 		if (strcmp(name, "__dict__") == 0) {
+			if (getrestricted()) {
+				err_setstr(RuntimeError,
+					   "instance.__dict__ not accessible in restricted mode");
+				return NULL;
+			}
 			INCREF(inst->in_dict);
 			return inst->in_dict;
 		}
@ -420,15 +432,6 @@ instance_getattr(inst, name)
 	res = instance_getattr1(inst, name);
 	if (res == NULL && (func = inst->in_class->cl_getattr) != NULL) {
 		object *args;
-#if 0
-		if (name[0] == '_' && name[1] == '_') {
-			int n = strlen(name);
-			if (name[n-1] == '_' && name[n-2] == '_') {
-				/* Don't mess with system attributes */
-				return NULL;
-			}
-		}
-#endif
 		err_clear();
 		args = mkvalue("(Os)", inst, name);
 		if (args == NULL)
@ -1132,6 +1135,11 @@ instancemethod_getattr(im, name)
 	register instancemethodobject *im;
 	char *name;
 {
+	if (name[0] != '_' && getrestricted()) {
+		err_setstr(RuntimeError,
+			   "instance-method attributes not accessible in restricted mode");
+		return NULL;
+	}
 	return getmember((char *)im, instancemethod_memberlist, name);
 }

--- a/Objects/funcobject.c
+++ b/Objects/funcobject.c
@ -127,6 +127,7 @@ static struct memberlist func_memberlist[] = {
 	{"func_code",	T_OBJECT,	OFF(func_code),		READONLY},
 	{"func_globals",T_OBJECT,	OFF(func_globals),	READONLY},
 	{"func_name",	T_OBJECT,	OFF(func_name),		READONLY},
+	{"__name__",	T_OBJECT,	OFF(func_name),		READONLY},
 	{"func_argcount",T_INT,		OFF(func_argcount),	READONLY},
 	{"func_argdefs",T_OBJECT,	OFF(func_argdefs),	READONLY},
 	{"func_doc",	T_OBJECT,	OFF(func_doc)},
@ -139,6 +140,11 @@ func_getattr(op, name)
 	funcobject *op;
 	char *name;
 {
+	if (name[0] != '_' && getrestricted()) {
+		err_setstr(RuntimeError,
+		  "function attributes not accessible in restricted mode");
+		return NULL;
+	}
 	return getmember((char *)op, func_memberlist, name);
 }

--- a/Objects/methodobject.c
+++ b/Objects/methodobject.c
@ -107,7 +107,13 @@ meth_getattr(m, name)
 		return None;
 	}
 	if (strcmp(name, "__self__") == 0) {
-		object *self = m->m_self;
+		object *self;
+		if (getrestricted()) {
+			err_setstr(RuntimeError,
+			 "method.__self__ not accessible in restricted mode");
+			return NULL;
+		}
+		self = m->m_self;
 		if (self == NULL)
 			self = None;
 		INCREF(self);