Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
do some security checks to make sure Py::Module is valid
  • Loading branch information
wwmayer committed Jun 3, 2019
1 parent feff5fa commit 13480d6
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 2 deletions.
4 changes: 4 additions & 0 deletions src/Gui/ApplicationPy.cpp
Expand Up @@ -1038,6 +1038,10 @@ PyObject* Application::sAddCommand(PyObject * /*self*/, PyObject *args)
try {
Base::PyGILStateLocker lock;
Py::Module mod(PyImport_ImportModule("inspect"), true);
if (mod.isNull()) {
PyErr_SetString(PyExc_ImportError, "Cannot load inspect module");
return 0;
}
Py::Callable inspect(mod.getAttr("stack"));
Py::Tuple args;
Py::List list(inspect.apply(args));
Expand Down
14 changes: 14 additions & 0 deletions src/Mod/Mesh/App/Mesh.cpp
Expand Up @@ -1504,6 +1504,8 @@ MeshObject* MeshObject::createSphere(float radius, int sampling)
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Sphere"));
Py::Tuple args(2);
Expand All @@ -1529,6 +1531,8 @@ MeshObject* MeshObject::createEllipsoid(float radius1, float radius2, int sampli
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Ellipsoid"));
Py::Tuple args(3);
Expand All @@ -1555,6 +1559,8 @@ MeshObject* MeshObject::createCylinder(float radius, float length, int closed, f
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Cylinder"));
Py::Tuple args(5);
Expand Down Expand Up @@ -1585,6 +1591,8 @@ MeshObject* MeshObject::createCone(float radius1, float radius2, float len, int
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Cone"));
Py::Tuple args(6);
Expand Down Expand Up @@ -1616,6 +1624,8 @@ MeshObject* MeshObject::createTorus(float radius1, float radius2, int sampling)
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Toroid"));
Py::Tuple args(3);
Expand All @@ -1642,6 +1652,8 @@ MeshObject* MeshObject::createCube(float length, float width, float height)
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("Cube"));
Py::Tuple args(3);
Expand All @@ -1664,6 +1676,8 @@ MeshObject* MeshObject::createCube(float length, float width, float height, floa
Base::PyGILStateLocker lock;
try {
Py::Module module(PyImport_ImportModule("BuildRegularGeoms"),true);
if (module.isNull())
return 0;
Py::Dict dict = module.getDict();
Py::Callable call(dict.getItem("FineCube"));
Py::Tuple args(4);
Expand Down
4 changes: 2 additions & 2 deletions src/Mod/Part/App/AttachEnginePyImp.cpp
Expand Up @@ -262,7 +262,7 @@ PyObject* AttachEnginePy::getModeInfo(PyObject* args)
#endif
try {
Py::Module module(PyImport_ImportModule("PartGui"),true);
if (!module.hasAttr("AttachEngineResources")) {
if (module.isNull() || !module.hasAttr("AttachEngineResources")) {
// in v0.14+, the GUI module can be loaded in console mode (but doesn't have all its document methods)
throw Py::RuntimeError("Gui is not up");//DeepSOIC: wanted to throw ImportError here, but it's not defined, so I don't know...
}
Expand Down Expand Up @@ -357,7 +357,7 @@ PyObject* AttachEnginePy::getRefTypeInfo(PyObject* args)

try {
Py::Module module(PyImport_ImportModule("PartGui"),true);
if (!module.hasAttr("AttachEngineResources")) {
if (module.isNull() || !module.hasAttr("AttachEngineResources")) {
// in v0.14+, the GUI module can be loaded in console mode (but doesn't have all its document methods)
throw Py::RuntimeError("Gui is not up");//DeepSOIC: wanted to throw ImportError here, but it's not defined, so I don't know...
}
Expand Down

0 comments on commit 13480d6

Please sign in to comment.