security for eval
blackholll committed Nov 21, 2021
1 parent d8ba3fa commit 4ed8e2c
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion service/ticket/ticket_base_service.py
Expand Up @@ -2128,7 +2128,8 @@ def get_next_state_id_by_transition_and_ticket_info(cls, ticket_id: int=0, ticke
expression = condition_expression0.get('expression')
expression_format = expression.format(**ticket_all_value_dict_copy)
import datetime, time # 用于支持条件表达式中对时间的操作
if eval(expression_format, {'__builtins__':None}, {'datetime':datetime, 'time':time}):
# 为了安全考虑,仅支持datetime, time, abs. 如果你需要其他库函数,可参考datetime、abs这些自行添加
if eval(expression_format, {'__builtins__': None}, {'datetime': datetime, 'time': time, 'abs': abs}):
destination_state_id = condition_expression0.get('target_state_id')
break
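Review bot: Passing `{'__builtins__': None}` to the new `eval` call is not a sandbox, because the objects still handed in (`datetime`, `time`, `abs`) and any literal in the expression carry attributes an expression can walk, so the added comment overstates the protection. The exposure is wider because `expression.format(**ticket_all_value_dict_copy)` splices ticket field values into the source text before it is evaluated; if any of those values can be set by whoever submits a ticket (not visible in this hunk), that value is evaluated as code. Consider parsing the text first and refusing underscore-prefixed names and attributes before anything runs, as sketched below (it needs `import ast` at module level, and whether a raised `ValueError` is handled by the caller is not visible here). This narrows the surface rather than closing it, so a small dedicated comparator for the condition grammar would be the sturdier fix. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: expression lookup and expression.format(**ticket_all_value_dict_copy) …
tree = ast.parse(expression_format, mode='eval')
for node in ast.walk(tree):
    # refuse underscore-prefixed names/attributes before anything is evaluated
    ident = getattr(node, 'attr', None) or getattr(node, 'id', None)
    if isinstance(ident, str) and ident.startswith('_'):
        raise ValueError('unsupported identifier in condition expression')
if eval(compile(tree, '<condition_expression>', 'eval'), {'__builtins__': None}, {'datetime': datetime, 'time': time, 'abs': abs}):
    # … unchanged: destination_state_id assignment and break …
```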
