diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/skaldpress/main.py | 9 | ||||
| -rw-r--r-- | src/smp/__init__.py | 9 | ||||
| -rw-r--r-- | src/smp/builtins.py | 4 | ||||
| -rw-r--r-- | src/smp/macro_processor.py | 8 |
4 files changed, 28 insertions, 2 deletions
diff --git a/src/skaldpress/main.py b/src/skaldpress/main.py index eebe3e8..62f5d9c 100644 --- a/src/skaldpress/main.py +++ b/src/skaldpress/main.py @@ -62,6 +62,8 @@ def compile_file(smps: smp.macro_processor.MacroProcessorState, file_path, opts) "filename", os.path.splitext(os.path.relpath(file_path, opts.content_dir))[0], ) + if opts.unsafe: + macro_processor.unsafe_code_execution = True macro_processor.source_file_path = file_path macro_processor_initialize(opts.metadata, macro_processor, stored_smp_state) @@ -213,6 +215,13 @@ def main(): parser.add_argument( "-D", nargs="+", metavar="key=value", default=[], action="extend" ) + parser.add_argument( + "-U", + "--unsafe", + default=False, + action="store_true", + help="Allow unsafe code execution", + ) args = parser.parse_args() args.metadata = parse_keyval_args(args.metadata) args.D = parse_keyval_args(args.D) diff --git a/src/smp/__init__.py b/src/smp/__init__.py index f7cb937..2cdf2fe 100644 --- a/src/smp/__init__.py +++ b/src/smp/__init__.py @@ -42,6 +42,13 @@ def main(): help="Prefix builtins with smp_", ) parser.add_argument( + "-U", + "--unsafe", + default=False, + action="store_true", + help="Allow unsafe code execution", + ) + parser.add_argument( "file", nargs="?", default=None, help='Input file or "-" for stdin' ) args = parser.parse_args() @@ -50,6 +57,8 @@ def main(): macro_processor_state = smp.macro_processor.MacroProcessorState() prefix = "smp_" if args.prefix_builtins else "" macro_processor = macro_processor_state.macro_processor(prefix=prefix) + if args.unsafe: + macro_processor.unsafe_code_execution = True for key, value in args.D.items(): macro_processor.define_macro(key, value) diff --git a/src/smp/builtins.py b/src/smp/builtins.py index 36cc380..6beb224 100644 --- a/src/smp/builtins.py +++ b/src/smp/builtins.py @@ -113,11 +113,15 @@ def smp_builtin_include_verbatim(macro_processor, filename): def smp_builtin_shell(macro_processor, cmd_args): + if not macro_processor.unsafe_code_execution: + raise Exception("unsafe code execution now allowed!") cmd_args = macro_processor.process_input(cmd_args) return subprocess.check_output(cmd_args, shell=True).decode() def smp_builtin_eval(macro_processor, expression): + if not macro_processor.unsafe_code_execution: + raise Exception("unsafe code execution now allowed!") r = eval( expression, macro_processor.py_local_env_current, diff --git a/src/smp/macro_processor.py b/src/smp/macro_processor.py index a473db4..d5f4e8e 100644 --- a/src/smp/macro_processor.py +++ b/src/smp/macro_processor.py @@ -76,6 +76,8 @@ class MacroProcessor: expansion_stack: list[Any] + unsafe_code_execution: bool = False + def __init__(self, prefix=""): self.macros = dict() self.macro_invocations = list() @@ -140,7 +142,7 @@ class MacroProcessor: return self.macros.get(f"{sub_prefix}{macro_name}", default) def _define_metadata(self, macro_name, macro_value): - sub_prefix = (self._get_macro_builtin("metadata_prefix")) + sub_prefix = self._get_macro_builtin("metadata_prefix") self.define_macro(f"{sub_prefix}{macro_name}", macro_value) def log_warning(self, message): @@ -351,7 +353,7 @@ class MacroProcessor: i += 1 continue - if c == "%" and peek == "(": + if self.unsafe_code_execution and c == "%" and peek == "(": state = ParserState.IN_CODE i += 2 state_start = i @@ -499,6 +501,8 @@ class MacroProcessor: elif state == ParserState.IN_CODE: if c == ")" and peek == "%": try: + if not self.unsafe_code_execution: + raise Exception("unsafe code execution now allowed!") self._enter_frame("inline_code", file, linenr, input) f = StringIO() with redirect_stdout(f): |