/
0001-CVE-2017-18342-1.patch
298 lines (260 loc) · 10.5 KB
/
0001-CVE-2017-18342-1.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
From 7b68405c81db889f83c32846462b238ccae5be80 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 26 Aug 2017 09:26:59 -0400
Subject: [PATCH 1/2] Make pyyaml safe by default.
Change yaml.load/yaml.dump to be yaml.safe_load/yaml.safe_dump, introduced yaml.danger_dump/yaml.danger_load, and the same for various other classes.
(python2 only at this moment)
Refs #5
---
lib/yaml/__init__.py | 41 +++++++++++++++++++++--------------
lib/yaml/cyaml.py | 15 +++++++------
lib/yaml/dumper.py | 8 +++----
lib/yaml/loader.py | 8 +++----
tests/lib/test_constructor.py | 5 ++---
tests/lib/test_recursive.py | 7 +++---
6 files changed, 46 insertions(+), 38 deletions(-)
diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py
index 87c15d3..153a74d 100644
--- a/lib/yaml/__init__.py
+++ b/lib/yaml/__init__.py
@@ -65,17 +65,24 @@ def load(stream, Loader=Loader):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
+
+ By default resolve only basic YAML tags, if an alternate Loader is
+ provided, may be dangerous.
"""
loader = Loader(stream)
try:
return loader.get_single_data()
finally:
loader.dispose()
+safe_load = load
def load_all(stream, Loader=Loader):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
+
+ By default resolve only basic YAML tags, if an alternate Loader is
+ provided, may be dangerous.
"""
loader = Loader(stream)
try:
@@ -83,22 +90,23 @@ def load_all(stream, Loader=Loader):
yield loader.get_data()
finally:
loader.dispose()
+safe_load_all = load_all
-def safe_load(stream):
+def danger_load(stream):
"""
Parse the first YAML document in a stream
and produce the corresponding Python object.
- Resolve only basic YAML tags.
+ When used on untrusted input, can result in arbitrary code execution.
"""
- return load(stream, SafeLoader)
+ return load(stream, DangerLoader)
-def safe_load_all(stream):
+def danger_load_all(stream):
"""
Parse all YAML documents in a stream
and produce corresponding Python objects.
- Resolve only basic YAML tags.
+ When used on untrusted input, can result in arbitrary code execution.
"""
- return load_all(stream, SafeLoader)
+ return load_all(stream, DangerLoader)
def emit(events, stream=None, Dumper=Dumper,
canonical=None, indent=None, width=None,
@@ -193,29 +201,31 @@ def dump_all(documents, stream=None, Dumper=Dumper,
dumper.dispose()
if getvalue:
return getvalue()
+safe_dump_all = dump_all
-def dump(data, stream=None, Dumper=Dumper, **kwds):
+def danger_dump_all(documents, stream=None, **kwds):
"""
- Serialize a Python object into a YAML stream.
+ Serialize a sequence of Python objects into a YAML stream.
+ Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
- return dump_all([data], stream, Dumper=Dumper, **kwds)
+ return dump_all(documents, stream, Dumper=DangerDumper, **kwds)
-def safe_dump_all(documents, stream=None, **kwds):
+def dump(data, stream=None, Dumper=Dumper, **kwds):
"""
- Serialize a sequence of Python objects into a YAML stream.
- Produce only basic YAML tags.
+ Serialize a Python object into a YAML stream.
If stream is None, return the produced string instead.
"""
- return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+ return dump_all([data], stream, Dumper=Dumper, **kwds)
+safe_dump = dump
-def safe_dump(data, stream=None, **kwds):
+def danger_dump(data, stream=None, **kwds):
"""
Serialize a Python object into a YAML stream.
Produce only basic YAML tags.
If stream is None, return the produced string instead.
"""
- return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+ return dump_all([data], stream, Dumper=DangerDumper, **kwds)
def add_implicit_resolver(tag, regexp, first=None,
Loader=Loader, Dumper=Dumper):
@@ -312,4 +322,3 @@ class YAMLObject(object):
return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
flow_style=cls.yaml_flow_style)
to_yaml = classmethod(to_yaml)
-
diff --git a/lib/yaml/cyaml.py b/lib/yaml/cyaml.py
index 68dcd75..5371f63 100644
--- a/lib/yaml/cyaml.py
+++ b/lib/yaml/cyaml.py
@@ -1,6 +1,6 @@
-__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader',
- 'CBaseDumper', 'CSafeDumper', 'CDumper']
+__all__ = ['CBaseLoader', 'CSafeLoader', 'CLoader', 'CDangerLoader',
+ 'CBaseDumper', 'CSafeDumper', 'CDumper', 'CDangerDumper']
from _yaml import CParser, CEmitter
@@ -18,14 +18,15 @@ class CBaseLoader(CParser, BaseConstructor, BaseResolver):
BaseConstructor.__init__(self)
BaseResolver.__init__(self)
-class CSafeLoader(CParser, SafeConstructor, Resolver):
+class CLoader(CParser, SafeConstructor, Resolver):
def __init__(self, stream):
CParser.__init__(self, stream)
SafeConstructor.__init__(self)
Resolver.__init__(self)
+CSafeLoader = CLoader
-class CLoader(CParser, Constructor, Resolver):
+class CDangerLoader(CParser, Constructor, Resolver):
def __init__(self, stream):
CParser.__init__(self, stream)
@@ -49,7 +50,7 @@ class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
default_flow_style=default_flow_style)
Resolver.__init__(self)
-class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+class CDumper(CEmitter, SafeRepresenter, Resolver):
def __init__(self, stream,
default_style=None, default_flow_style=None,
@@ -65,8 +66,9 @@ class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
+CSafeDumper = CDumper
-class CDumper(CEmitter, Serializer, Representer, Resolver):
+class CDangerDumper(CEmitter, Serializer, Representer, Resolver):
def __init__(self, stream,
default_style=None, default_flow_style=None,
@@ -82,4 +84,3 @@ class CDumper(CEmitter, Serializer, Representer, Resolver):
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
-
diff --git a/lib/yaml/dumper.py b/lib/yaml/dumper.py
index f811d2c..fcf1f28 100644
--- a/lib/yaml/dumper.py
+++ b/lib/yaml/dumper.py
@@ -1,5 +1,5 @@
-__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper', 'DangerDumper']
from emitter import *
from serializer import *
@@ -24,7 +24,7 @@ class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
default_flow_style=default_flow_style)
Resolver.__init__(self)
-class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+class Dumper(Emitter, Serializer, SafeRepresenter, Resolver):
def __init__(self, stream,
default_style=None, default_flow_style=None,
@@ -41,8 +41,9 @@ class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
SafeRepresenter.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
+SafeDumper = Dump
-class Dumper(Emitter, Serializer, Representer, Resolver):
+class DangerDumper(Emitter, Serializer, Representer, Resolver):
def __init__(self, stream,
default_style=None, default_flow_style=None,
@@ -59,4 +60,3 @@ class Dumper(Emitter, Serializer, Representer, Resolver):
Representer.__init__(self, default_style=default_style,
default_flow_style=default_flow_style)
Resolver.__init__(self)
-
diff --git a/lib/yaml/loader.py b/lib/yaml/loader.py
index 293ff46..6b18527 100644
--- a/lib/yaml/loader.py
+++ b/lib/yaml/loader.py
@@ -1,5 +1,5 @@
-__all__ = ['BaseLoader', 'SafeLoader', 'Loader']
+__all__ = ['BaseLoader', 'SafeLoader', 'Loader', 'DangerLoader']
from reader import *
from scanner import *
@@ -18,7 +18,7 @@ class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolve
BaseConstructor.__init__(self)
BaseResolver.__init__(self)
-class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+class Loader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
def __init__(self, stream):
Reader.__init__(self, stream)
@@ -27,8 +27,9 @@ class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
Composer.__init__(self)
SafeConstructor.__init__(self)
Resolver.__init__(self)
+SafeLoader = Loader
-class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+class DangerLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
def __init__(self, stream):
Reader.__init__(self, stream)
@@ -37,4 +38,3 @@ class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
Composer.__init__(self)
Constructor.__init__(self)
Resolver.__init__(self)
-
diff --git a/tests/lib/test_constructor.py b/tests/lib/test_constructor.py
index beee7b0..12d5391 100644
--- a/tests/lib/test_constructor.py
+++ b/tests/lib/test_constructor.py
@@ -19,9 +19,9 @@ def _make_objects():
NewArgs, NewArgsWithState, Reduce, ReduceWithState, MyInt, MyList, MyDict, \
FixedOffset, today, execute
- class MyLoader(yaml.Loader):
+ class MyLoader(yaml.DangerLoader):
pass
- class MyDumper(yaml.Dumper):
+ class MyDumper(yaml.DangerDumper):
pass
class MyTestClass1:
@@ -272,4 +272,3 @@ if __name__ == '__main__':
sys.modules['test_constructor'] = sys.modules['__main__']
import test_appliance
test_appliance.run(globals())
-
diff --git a/tests/lib/test_recursive.py b/tests/lib/test_recursive.py
index 6707fd4..c67c170 100644
--- a/tests/lib/test_recursive.py
+++ b/tests/lib/test_recursive.py
@@ -29,9 +29,9 @@ def test_recursive(recursive_filename, verbose=False):
value2 = None
output2 = None
try:
- output1 = yaml.dump(value1)
- value2 = yaml.load(output1)
- output2 = yaml.dump(value2)
+ output1 = yaml.danger_dump(value1)
+ value2 = yaml.danger_load(output1)
+ output2 = yaml.danger_dump(value2)
assert output1 == output2, (output1, output2)
finally:
if verbose:
@@ -47,4 +47,3 @@ test_recursive.unittest = ['.recursive']
if __name__ == '__main__':
import test_appliance
test_appliance.run(globals())
-
--
2.20.1