← Back to branch summary

~openerp-idu/openobject-client/6.1

« back to all changes in this revision

Viewing changes to bin/tiny_socket.py

  • Committer: Naresh(OpenERP)
  • Date: 2011-07-12 06:49:31 UTC
  • mto: This revision was merged to the branch mainline in revision 1923.
  • Revision ID: nch@tinyerp.com-20110712064931-531wqhs6xgfg66ac
[IMP]:added all types of exceptions in the safe_classes

Show diffs side-by-side

added added

removed removed

Lines of Context:
bin/tiny_socket.py
23
23
import cPickle
24
24
import cStringIO
25
25
import sys
 
26
import exceptions
26
27
import options
27
28
 
28
29
DNS_CACHE = {}
45
46
 
46
47
# Safety class instance loader for unpickling.
47
48
# Inspired by http://nadiana.com/python-pickle-insecure#How_to_Make_Unpickling_Safer
48
 
SAFE_CLASSES = { 'exceptions' : ['Exception'] }
 
49
EXCEPTION_CLASSES = [x for x in dir(exceptions) if type(getattr(exceptions,x)) == type]
 
50
SAFE_CLASSES = { 'exceptions' : EXCEPTION_CLASSES }
49
51
def find_global(module, name):
50
52
    if module not in SAFE_CLASSES or name not in SAFE_CLASSES[module]:
51
 
        raise cPickle.UnpicklingError('Unsafe pickled class instance: %s.%s' % (module,name))
 
53
        raise cPickle.UnpicklingError('Attempting to unpickle unsafe module %s.%s' % (module,name))
52
54
    __import__(module)
53
55
    mod = sys.modules[module]
54
56
    return getattr(mod, name)