jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-23 13:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix strptime in python_script (#133159)

Browse Source 
Co-authored-by: Erik Montnemery <erik@montnemery.com>
This commit is contained in:
G Johansson 2024-12-17 12:41:18 +01:00 committed by Franck Nijhof
parent 8286ec9e60
commit cdea9b5d3a
No known key found for this signature in database
GPG Key ID: D62583BA8AB11CA3
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
homeassistant/components/python_script/__init__.py
View File

@ -1,5 +1,6 @@
"""Component to allow running Python scripts.""" """Component to allow running Python scripts."""
from collections.abc import Mapping, Sequence
import datetime import datetime
import glob import glob
import logging import logging
@ -7,6 +8,7 @@ from numbers import Number
import operator import operator
import os import os
import time import time
import types
from typing import Any from typing import Any
from RestrictedPython import ( from RestrictedPython import (
@ -167,6 +169,20 @@ IOPERATOR_TO_OPERATOR = {
} }
def guarded_import(
name: str,
globals: Mapping[str, object] | None = None,
locals: Mapping[str, object] | None = None,
fromlist: Sequence[str] = (),
level: int = 0,
) -> types.ModuleType:
"""Guard imports."""
# Allow import of _strptime needed by datetime.datetime.strptime
if name == "_strptime":
return __import__(name, globals, locals, fromlist, level)
raise ScriptError(f"Not allowed to import {name}")
def guarded_inplacevar(op: str, target: Any, operand: Any) -> Any: def guarded_inplacevar(op: str, target: Any, operand: Any) -> Any:
"""Implement augmented-assign (+=, -=, etc.) operators for restricted code. """Implement augmented-assign (+=, -=, etc.) operators for restricted code.
@ -232,6 +248,7 @@ def execute(hass, filename, source, data=None, return_response=False):
return getattr(obj, name, default) return getattr(obj, name, default)
extra_builtins = { extra_builtins = {
"__import__": guarded_import,
"datetime": datetime, "datetime": datetime,
"sorted": sorted, "sorted": sorted,
"time": TimeWrapper(), "time": TimeWrapper(),

24
tests/components/python_script/test_init.py
View File

@ -688,3 +688,27 @@ async def test_prohibited_augmented_assignment_operations(
hass.async_add_executor_job(execute, hass, "aug_assign_prohibited.py", case, {}) hass.async_add_executor_job(execute, hass, "aug_assign_prohibited.py", case, {})
await hass.async_block_till_done(wait_background_tasks=True) await hass.async_block_till_done(wait_background_tasks=True)
assert error in caplog.text assert error in caplog.text
async def test_import_allow_strptime(
hass: HomeAssistant, caplog: pytest.LogCaptureFixture
) -> None:
"""Test calling datetime.datetime.strptime works."""
source = """
test_date = datetime.datetime.strptime('2024-04-01', '%Y-%m-%d')
logger.info(f'Date {test_date}')
"""
hass.async_add_executor_job(execute, hass, "test.py", source, {})
await hass.async_block_till_done(wait_background_tasks=True)
assert "Error executing script: Not allowed to import _strptime" not in caplog.text
assert "Date 2024-04-01 00:00:00" in caplog.text
async def test_no_other_imports_allowed(
hass: HomeAssistant, caplog: pytest.LogCaptureFixture
) -> None:
"""Test imports are not allowed."""
source = "import sys"
hass.async_add_executor_job(execute, hass, "test.py", source, {})
await hass.async_block_till_done(wait_background_tasks=True)
assert "Error executing script: Not allowed to import sys" in caplog.text