diff options
| author | Malfurious <m@lfurio.us> | 2021-09-04 21:42:55 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2021-09-05 05:59:50 -0400 |
| commit | ef286602a48977eefe73bbdb3568282244db1aca (patch) | |
| tree | c74581a2fe8032ce980b68bb32dfe5b7cb0c631f | |
| parent | 227f76cd3d395abac950422721ae311b17f12ac5 (diff) | |
| download | sploit-ef286602a48977eefe73bbdb3568282244db1aca.tar.gz sploit-ef286602a48977eefe73bbdb3568282244db1aca.zip | |
sploit: Properly scope user-script execution
Rather than implicitly inheriting names in scope for the user-script,
this collection is sanitized and we only export the 'comm' communication
object. This seems to be a safer way to operate and addresses an issue
with sub-scopes in the user's script not functioning properly.
(Previously, user-defined functions did not have access to globals, or
library functions.)
Additionally, the user's code is now passed through compile() to attach
the original file name. This is useful for debugging / diagnostic
situations, to make it more obvious if a crash originated from the
user's script.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
| -rw-r--r-- | sploit/main.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sploit/main.py b/sploit/main.py index 0bc799e..4697715 100644 --- a/sploit/main.py +++ b/sploit/main.py @@ -53,7 +53,7 @@ def target(script, target): def runscript(script, comm): print("Running Script...") - exec(open(script).read()) + code = compile(open(script).read(), script, 'exec') + exec(code, {'comm': comm}) print("Script Finished!") comm.readall() - |