safety-screen/Nominatim
1
0
Fork 0
forked from hans/Nominatim
Code Pull Requests Activity

Replaces eval with json.loads for safer dict parsing

Browse Source 
Switches from eval to json.loads when parsing string representations
of dictionaries to  prevent arbitrary code
execution.
This commit is contained in:
Itz-Agasta
2026-01-20 21:54:08 +05:30
parent fe773c12b2
commit 9fa980bca2
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/bdd/utils/checks.py
View File

@@ -58,7 +58,7 @@ COMPARISON_FUNCS = {
None: lambda val, exp: str(val) == exp,
'i': lambda val, exp: str(val).lower() == exp.lower(),
'fm': lambda val, exp: re.fullmatch(exp, val) is not None,
'dict': lambda val, exp: val is None if exp == '-' else (val == eval('{' + exp + '}')),
'dict': lambda val, exp: val is None if exp == '-' else (val == json.loads('{' + exp + '}')),
'in_box': within_box
}