Disable unsafe code execution by default

author: Qrius <[email protected]> 2025-05-06 14:22:33 +0200
committer: Qrius <[email protected]> 2025-05-06 14:23:04 +0200
commit: 77e73d70a9b81a7bbd8e49be52612fc62a9f9502 (patch)
tree: c816ff6a30dee18e2c701cfd83c3e9104e73e333 /src/smp/builtins.py
parent: 68f3e45b0c9570e4bdf01147f606f04bda6be310 (diff)
download: skaldpress-77e73d70a9b81a7bbd8e49be52612fc62a9f9502.tar.gz
skaldpress-77e73d70a9b81a7bbd8e49be52612fc62a9f9502.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/smp/builtins.py b/src/smp/builtins.py
index 36cc380..6beb224 100644
--- a/src/smp/builtins.py
+++ b/src/smp/builtins.py
@@ -113,11 +113,15 @@ def smp_builtin_include_verbatim(macro_processor, filename):
 
 
 def smp_builtin_shell(macro_processor, cmd_args):
+    if not macro_processor.unsafe_code_execution:
+        raise Exception("unsafe code execution now allowed!")
     cmd_args = macro_processor.process_input(cmd_args)
     return subprocess.check_output(cmd_args, shell=True).decode()
 
 
 def smp_builtin_eval(macro_processor, expression):
+    if not macro_processor.unsafe_code_execution:
+        raise Exception("unsafe code execution now allowed!")
     r = eval(
         expression,
         macro_processor.py_local_env_current,
author	Qrius <[email protected]>	2025-05-06 14:22:33 +0200
committer	Qrius <[email protected]>	2025-05-06 14:23:04 +0200
commit	77e73d70a9b81a7bbd8e49be52612fc62a9f9502 (patch)
tree	c816ff6a30dee18e2c701cfd83c3e9104e73e333 /src/smp/builtins.py
parent	68f3e45b0c9570e4bdf01147f606f04bda6be310 (diff)
download	skaldpress-77e73d70a9b81a7bbd8e49be52612fc62a9f9502.tar.gz skaldpress-77e73d70a9b81a7bbd8e49be52612fc62a9f9502.zip