From 77e73d70a9b81a7bbd8e49be52612fc62a9f9502 Mon Sep 17 00:00:00 2001
From: Qrius
Date: Tue, 6 May 2025 14:22:33 +0200
Subject: Disable unsafe code execution by default
---
 src/smp/builtins.py | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/smp/builtins.py')
diff --git a/src/smp/builtins.py b/src/smp/builtins.py
index 36cc380..6beb224 100644
--- a/src/smp/builtins.py
+++ b/src/smp/builtins.py
@@ -113,11 +113,15 @@ def smp_builtin_include_verbatim(macro_processor, filename):
 def smp_builtin_shell(macro_processor, cmd_args):
+ if not macro_processor.unsafe_code_execution:
+ raise Exception("unsafe code execution now allowed!")
 cmd_args = macro_processor.process_input(cmd_args)
 return subprocess.check_output(cmd_args, shell=True).decode()
 def smp_builtin_eval(macro_processor, expression):
+ if not macro_processor.unsafe_code_execution:
+ raise Exception("unsafe code execution now allowed!")
 r = eval(
 expression,
 macro_processor.py_local_env_current,
--
cgit v1.2.3
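Review bot: The message in both added guards, in smp_builtin_shell and smp_builtin_eval, reads "unsafe code execution now allowed!", which says the opposite of what the refusal means; it should be `raise Exception("unsafe code execution not allowed!")`. A bare `Exception` also gives callers nothing specific to catch, so a narrower type such as `PermissionError` would let the macro processor report a refused builtin separately from a failing command or expression. The guard rightly runs before `process_input` and before `eval`, but the default of `unsafe_code_execution` is set outside this hunk, so it is worth confirming that it is initialised to `False` wherever the processor is constructed. smp_builtin_eval's body continues past the end of the hunk.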