Do not allow import-as to rebind "under names".

666315e1 · Fred Drake · 9579eb05 · 666315e1 · 666315e1
Commit 666315e1 authored Nov 06, 2003 by Fred Drake
2 changed files
--- a/lib/python/RestrictedPython/RestrictionMutator.py
+++ b/lib/python/RestrictedPython/RestrictionMutator.py
@@ -15,7 +15,7 @@ RestrictionMutator modifies a tree produced by
 compiler.transformer.Transformer, restricting and enhancing the
 code in various ways before sending it to pycodegen.
 '''
-__version__='$Revision: 1.10 $'[11:-2]
+__version__='$Revision: 1.11 $'[11:-2]

 from SelectCompiler import ast, parse, OP_ASSIGN, OP_DELETE, OP_APPLY

@@ -271,3 +271,10 @@ class RestrictionMutator:
    def visitAugAssign(self, node, walker):
        node.node.in_aug_assign = 1
        return walker.defaultVisitNode(node)
+
+    def visitImport(self, node, walker):
+        for name, asname in node.names:
+            self.checkName(node, name)
+            if asname:
+                self.checkName(node, asname)
+        return node
--- a/lib/python/RestrictedPython/tests/security_in_syntax.py
+++ b/lib/python/RestrictedPython/tests/security_in_syntax.py
@@ -30,3 +30,13 @@ def bad_attr():

 def no_exec():
    exec 'q = 1'
+
+def no_yield():
+    yield 42
+
+def check_getattr_in_lambda(arg=lambda _getattr=(lambda ob, name: name):
+                                       _getattr):
+    42
+
+def import_as_bad_name():
+    import os as _leading_underscore