Skip to content

Commit

Permalink
add MutableSequence.{clear,pop} to modifies_known_mutable check
Browse files Browse the repository at this point in the history
  • Loading branch information
@dylanscott
dylanscott committed Oct 4, 2024
1 parent eb0df04 commit c3ab87b
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/jinja2/sandbox.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,9 @@
),
(
abc.MutableSequence,
frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
frozenset(
["append", "clear", "pop", "reverse", "insert", "sort", "extend", "remove"]
),
),
(
deque,
Expand Down
2 changes: 2 additions & 0 deletions tests/test_security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,8 @@ def test_unsafe(self, env):
def test_immutable_environment(self, env):
env = ImmutableSandboxedEnvironment()
pytest.raises(SecurityError, env.from_string("{{ [].append(23) }}").render)
pytest.raises(SecurityError, env.from_string("{{ [].clear() }}").render)
pytest.raises(SecurityError, env.from_string("{{ [1].pop() }}").render)
pytest.raises(SecurityError, env.from_string("{{ {1:2}.clear() }}").render)

def test_restricted(self, env):
Expand Down

0 comments on commit c3ab87b

Please sign in to comment.