Merge pull request #115 from paulosgf/styleupdate
 Fix vulnerable eval() on monopoly plugin
paulosgf committed Jun 10, 2022
2 parents d2b907d + e6041bb commit 9265f0b
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion src/honeybot/plugins/downloaded/monopoly/main.py
Expand Up @@ -320,7 +320,10 @@ def get_rent(asset, asset_owner, move_amount):
print(num_util)
calc_string = asset.rents[num_util] + " " + str(move_amount)
print(calc_string)
return eval(calc_string)
return eval(
calc_string, {"__builtins__": None},
{"str": str, "int": int, "float": float}
)

elif isinstance(asset, Railroad):
num_rail = len(
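Review bot: In the new `eval(calc_string, {"__builtins__": None}, {...})` call, emptying `__builtins__` narrows which names the expression can use but does not make `eval` safe. The string is still parsed and executed as Python, and attribute access on any value it contains, including the exposed `str`, `int` and `float`, remains available. Because `calc_string` is built as `asset.rents[num_util] + " " + str(move_amount)`, consider storing the rent rule as a number and applying it to `move_amount` with ordinary arithmetic, which removes `eval` from this path entirely. If the rents strings have to stay, validate them against a strict pattern before they are used. The two `print` calls above the return also look like leftover debugging output and could be dropped or moved to logging.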
