Skip to content

Commit

Permalink
Merge commit from fork
Browse files Browse the repository at this point in the history
fix format string vulnerability
  • Loading branch information
davidism authored Dec 19, 2024
2 parents 0871c71 + 91a972f commit 48b0687
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 38 deletions.
3 changes: 3 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ Version 3.1.5

Unreleased

- The sandboxed environment handles indirect calls to ``str.format``, such as
by passing a stored reference to a filter that calls its argument.
:ghsa:`q2x7-8rv6-6q7h`
- Sandbox does not allow ``clear`` and ``pop`` on known mutable sequence
types. :issue:`2032`
- Calling sync ``render`` for an async template uses ``asyncio.run``.
Expand Down
81 changes: 43 additions & 38 deletions src/jinja2/sandbox.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
from _string import formatter_field_name_split # type: ignore
from collections import abc
from collections import deque
from functools import update_wrapper
from string import Formatter

from markupsafe import EscapeFormatter
Expand Down Expand Up @@ -83,20 +84,6 @@
)


def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
if not isinstance(
callable, (types.MethodType, types.BuiltinMethodType)
) or callable.__name__ not in ("format", "format_map"):
return None

obj = callable.__self__

if isinstance(obj, str):
return obj

return None


def safe_range(*args: int) -> range:
"""A range that can't generate ranges with a length of more than
MAX_RANGE items.
Expand Down Expand Up @@ -316,6 +303,9 @@ def getitem(
except AttributeError:
pass
else:
fmt = self.wrap_str_format(value)
if fmt is not None:
return fmt
if self.is_safe_attribute(obj, argument, value):
return value
return self.unsafe_undefined(obj, argument)
Expand All @@ -333,6 +323,9 @@ def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
except (TypeError, LookupError):
pass
else:
fmt = self.wrap_str_format(value)
if fmt is not None:
return fmt
if self.is_safe_attribute(obj, attribute, value):
return value
return self.unsafe_undefined(obj, attribute)
Expand All @@ -348,34 +341,49 @@ def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
exc=SecurityError,
)

def format_string(
self,
s: str,
args: t.Tuple[t.Any, ...],
kwargs: t.Dict[str, t.Any],
format_func: t.Optional[t.Callable[..., t.Any]] = None,
) -> str:
"""If a format call is detected, then this is routed through this
method so that our safety sandbox can be used for it.
def wrap_str_format(self, value: t.Any) -> t.Optional[t.Callable[..., str]]:
"""If the given value is a ``str.format`` or ``str.format_map`` method,
return a new function than handles sandboxing. This is done at access
rather than in :meth:`call`, so that calls made without ``call`` are
also sandboxed.
"""
if not isinstance(
value, (types.MethodType, types.BuiltinMethodType)
) or value.__name__ not in ("format", "format_map"):
return None

f_self: t.Any = value.__self__

if not isinstance(f_self, str):
return None

str_type: t.Type[str] = type(f_self)
is_format_map = value.__name__ == "format_map"
formatter: SandboxedFormatter
if isinstance(s, Markup):
formatter = SandboxedEscapeFormatter(self, escape=s.escape)

if isinstance(f_self, Markup):
formatter = SandboxedEscapeFormatter(self, escape=f_self.escape)
else:
formatter = SandboxedFormatter(self)

if format_func is not None and format_func.__name__ == "format_map":
if len(args) != 1 or kwargs:
raise TypeError(
"format_map() takes exactly one argument"
f" {len(args) + (kwargs is not None)} given"
)
vformat = formatter.vformat

def wrapper(*args: t.Any, **kwargs: t.Any) -> str:
if is_format_map:
if kwargs:
raise TypeError("format_map() takes no keyword arguments")

if len(args) != 1:
raise TypeError(
f"format_map() takes exactly one argument ({len(args)} given)"
)

kwargs = args[0]
args = ()

kwargs = args[0]
args = ()
return str_type(vformat(f_self, args, kwargs))

rv = formatter.vformat(s, args, kwargs)
return type(s)(rv)
return update_wrapper(wrapper, value)

def call(
__self, # noqa: B902
Expand All @@ -385,9 +393,6 @@ def call(
**kwargs: t.Any,
) -> t.Any:
"""Call an object from sandboxed code."""
fmt = inspect_format_method(__obj)
if fmt is not None:
return __self.format_string(fmt, args, kwargs, __obj)

# the double prefixes are to avoid double keyword argument
# errors when proxying the call.
Expand Down
17 changes: 17 additions & 0 deletions tests/test_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -173,3 +173,20 @@ def test_safe_format_all_okay(self):
'{{ ("a{x.foo}b{y}"|safe).format_map({"x":{"foo": 42}, "y":"<foo>"}) }}'
)
assert t.render() == "a42b&lt;foo&gt;"

def test_indirect_call(self):
def run(value, arg):
return value.run(arg)

env = SandboxedEnvironment()
env.filters["run"] = run
t = env.from_string(
"""{% set
ns = namespace(run="{0.__call__.__builtins__[__import__]}".format)
%}
{{ ns | run(not_here) }}
"""
)

with pytest.raises(SecurityError):
t.render()

0 comments on commit 48b0687

Please # to comment.