Include further builtins

2025-10-31 07:57:27 +03:00 · 2023-12-30 09:30:12 +11:00 · 2023-12-30 09:30:12 +11:00 · 557ba59d13
commit 557ba59d13
parent 0ca3c33c59
3 changed files with 12 additions and 4 deletions
--- a/Tests/test_imagemath.py
+++ b/Tests/test_imagemath.py
@ -69,6 +69,11 @@ def test_prevent_double_underscores():
        ImageMath.eval("1", {"__": None})


+def test_prevent_builtins():
+    with pytest.raises(ValueError):
+        ImageMath.eval("(lambda: exec('exit()'))()", {"exec": None})
+
+
 def test_logical():
    assert pixel(ImageMath.eval("not A", images)) == 0
    assert pixel(ImageMath.eval("A and B", images)) == "L 2"
--- a/docs/releasenotes/10.2.0.rst
+++ b/docs/releasenotes/10.2.0.rst
@ -62,10 +62,13 @@ output only the quantization and Huffman tables for the image.
 Security
 ========

-TODO
-^^^^
+Restricted environment keys for ImageMath.eval
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-TODO
+:cve:`2023-50447`: If an attacker has control over the keys passed to the
+``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
+arbitrary code. To prevent this, keys matching the names of builtins and keys
+containing double underscores will now raise a :py:exc:`ValueError`.

 Other Changes
 =============
--- a/src/PIL/ImageMath.py
+++ b/src/PIL/ImageMath.py
@ -235,7 +235,7 @@ def eval(expression, _dict={}, **kw):
    # build execution namespace
    args = ops.copy()
    for k in list(_dict.keys()) + list(kw.keys()):
-        if "__" in k or hasattr(__builtins__, k):
+        if "__" in k or hasattr(builtins, k):
            msg = f"'{k}' not allowed"
            raise ValueError(msg)