8000 Merge pull request #21561 from meeseeksmachine/auto-backport-of-pr-21… · matplotlib/matplotlib@ed2b1d0 · GitHub

Commit ed2b1d0

authored
Merge pull request #21561 from meeseeksmachine/auto-backport-of-pr-21555-on-v3.5.x
2 parents 85955bf + d1520ca commit ed2b1d0


2 files changed

+19
-3
lines changed

2 files changed

+19
-3
lines changed

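--- a/lib/matplotlib/rcsetup.py
+++ b/lib/matplotlib/rcsetup.py
@@ -700,6 +700,13 @@ def cycler(*args, **kwargs):
 return reduce(operator.add, (ccycler(k, v) for k, v in validated))
 
 
+class _DunderChecker(ast.NodeVisitor):
+def visit_Attribute(self, node):
+if node.attr.startswith("__") and node.attr.endswith("__"):
+raise ValueError("cycler strings with dunders are forbidden")
+self.generic_visit(node)
+
+
 def validate_cycler(s):
 """Return a Cycler object from a string repr or the object itself."""
 if isinstance(s, str):
@@ -715,9 +722,7 @@ def validate_cycler(s):
 # We should replace this eval with a combo of PyParsing and
 # ast.literal_eval()
 try:
-if '.__' in s.replace(' ', ''):
-raise ValueError("'%s' seems to have dunder methods. Raising"
-" an exception for your safety")
+_DunderChecker().visit(ast.parse(s))
 s = eval(s, {'cycler': cycler, '__builtins__': {}})
 except BaseException as e:
 raise ValueError("'%s' is not a valid cycler construction: %s" %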
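Review bot: The new check in the second hunk parses `s` with `ast.parse(s)`, which defaults to module (`exec`) grammar, while the next line evaluates `s` as an expression. Validating with the same grammar that is executed would be tighter: `_DunderChecker().visit(ast.parse(s, mode='eval'))`. A statement then fails at parse time and is still turned into `ValueError` by the existing `except BaseException`. The visitor is also a denylist on attribute names in front of an `eval` of rc-supplied text, so `_DunderChecker` deserves a docstring saying it is a hardening step and not a sandbox, e.g. `"""Reject dunder attribute access before eval; rc strings are still executed as code."""`. An allowlist of node types would match the existing "replace this eval" comment better. `validate_cycler` begins and ends outside these hunks, and whether `ast` is already imported in this module is not visible here.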

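--- a/lib/matplotlib/tests/test_rcparams.py
+++ b/lib/matplotlib/tests/test_rcparams.py
@@ -278,6 +278,17 @@ def generate_validator_testcases(valid):
 ('cycler("bleh, [])', ValueError), # syntax error
 ('Cycler("linewidth", [1, 2, 3])',
 ValueError), # only 'cycler()' function is allowed
+# do not allow dunder in string literals
+("cycler('c', [j.__class__(j) for j in ['r', 'b']])",
+ValueError),
+("cycler('c', [j. __class__(j) for j in ['r', 'b']])",
+ValueError),
+("cycler('c', [j.\t__class__(j) for j in ['r', 'b']])",
+ValueError),
+("cycler('c', [j.\u000c__class__(j) for j in ['r', 'b']])",
+ValueError),
+("cycler('c', [j.__class__(j).lower() for j in ['r', 'b']])",
+ValueError),
 ('1 + 2', ValueError), # doesn't produce a Cycler object
 ('os.system("echo Gotcha")', ValueError), # os not available
 ('import os', ValueError), # should not be able to import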
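Review bot: The comment on the first added line, `# do not allow dunder in string literals`, does not describe the five cases below it. They all exercise dunder attribute access inside the cycler expression, with varying whitespace after the dot. Something like `# dunder attribute access is rejected, whatever whitespace follows the dot` would tell the next reader why the space, `\t` and `\u000c` variants exist. Every case uses `__class__`; a second dunder name would show that the check is not tied to one attribute. The surrounding list of cases starts and ends outside this hunk.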
