From ef286602a48977eefe73bbdb3568282244db1aca Mon Sep 17 00:00:00 2001 From: Malfurious Date: Sat, 4 Sep 2021 21:42:55 -0400 Subject: sploit: Properly scope user-script execution Rather than implicitly inheriting names in scope for the user-script, this collection is sanitized and we only export the 'comm' communication object. This seems to be a safer way to operate and addresses an issue with sub-scopes in the user's script not functioning properly. (Previously, user-defined functions did not have access to globals, or library functions.) Additionally, the user's code is now passed through compile() to attach the original file name. This is useful for debugging / diagnostic situations, to make it more obvious if a crash originated from the user's script. Signed-off-by: Malfurious Signed-off-by: dusoleil --- sploit/main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sploit/main.py b/sploit/main.py index 0bc799e..4697715 100644 --- a/sploit/main.py +++ b/sploit/main.py @@ -53,7 +53,7 @@ def target(script, target): def runscript(script, comm): print("Running Script...") - exec(open(script).read()) + code = compile(open(script).read(), script, 'exec') + exec(code, {'comm': comm}) print("Script Finished!") comm.readall() - -- cgit v1.2.3
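Review bot: In runscript(), the new `code = compile(open(script).read(), script, 'exec')` line leaves the file handle to be closed by garbage collection; read the file inside `with open(script) as f:` and compile `f.read()` instead. The globals passed in `exec(code, {'comm': comm})` also carry no `__file__` or `__name__` entry, so a user script that refers to either will not see its own path or a module name; consider adding `'__file__': script` and `'__name__': '__main__'` to the dict. Python inserts `__builtins__` into that dict automatically, so the script still runs with full interpreter access: a short comment above the exec() call stating that the dict limits exported names and is not a sandbox would stop the "safer" wording in the commit message from being over-read.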