From 440c6df811a8735d9de98622801fe087f22d5faa Mon Sep 17 00:00:00 2001
From: tomaioo
Date: Mon, 25 May 2026 11:31:38 -0700
Subject: [PATCH] fix(core): unsafe eval in safe_eval.py allows code injection
The `safe_eval` function in `safe_eval.py` accepts a `globals` parameter that is passed directly to `eval()`. While the `Transformer` class restricts access to names, the `globals` dictionary can contain arbitrary callables or objects that bypass name-based restrictions. An attacker could pass a crafted `globals` dict with `__import__`, `open`, or other dangerous builtins disguised as allowed names, or use dunder methods on allowed types to execute arbitrary code. The function also uses `eval()` with `compile()` output, which can still execute arbitrary code if the AST is not fully sanitized.
Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
---
 packages/core/src/robotcode/core/utils/safe_eval.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/core/src/robotcode/core/utils/safe_eval.py b/packages/core/src/robotcode/core/utils/safe_eval.py
index e1d7703bb..8e01f1688 100644
--- a/packages/core/src/robotcode/core/utils/safe_eval.py
+++ b/packages/core/src/robotcode/core/utils/safe_eval.py
@@ -54,9 +54,9 @@ def visit_Name(self, node: ast.Name) -> ast.AST:
 return self.generic_visit(node)
-def safe_eval(source: str, globals: Dict[str, Any] = {}, filename: str = "") -> Any:
- transformer = Transformer(list(globals.keys()))
+def safe_eval(source: str, filename: str = "") -> Any:
+ transformer = Transformer(None)
 tree = ast.parse(source, mode="eval")
 tree = transformer.visit(tree)
 clause = compile(tree, filename, "eval", dont_inherit=True)
- return eval(clause, globals, {})
+ return eval(clause, {}, {})
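Review bot: `return eval(clause, {}, {})` on the last added line does not remove the builtins: when the globals mapping handed to `eval()` has no `__builtins__` key, CPython inserts a reference to the real `builtins` module before evaluating, so `open`, `__import__`, `getattr` and the rest remain resolvable from the expression unless `Transformer(None)` rejects every such name (its behaviour is outside this hunk). Pass an explicit empty or allow-listed builtins mapping instead, e.g. `return eval(clause, {"__builtins__": {}}, {})`, and keep any names the expressions legitimately need in that dict rather than relying on the default. Name filtering alone also does not stop attribute-based escapes such as `().__class__.__base__.__subclasses__()`; only `visit_Name` is visible in the hunk header, so confirm the transformer also rejects `ast.Attribute` nodes whose `attr` starts with `__`. Separately, dropping the `globals` parameter changes the public signature: a caller passing `filename` positionally as the third argument now raises `TypeError`, which the commit message does not mention.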