From 1a3fde940130585a7f6f335540913b6e7d2acba5 Mon Sep 17 00:00:00 2001 From: Elizabeth Esswein Date: Fri, 7 Oct 2022 15:20:38 -0400 Subject: [PATCH] fix for datetime.strftime --- .../services/process_instance_processor.py | 7 +++++++ .../unit/test_restricted_script_engine.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/spiffworkflow_backend/services/process_instance_processor.py b/src/spiffworkflow_backend/services/process_instance_processor.py index 7f8ed7d1..402bd9b0 100644 --- a/src/spiffworkflow_backend/services/process_instance_processor.py +++ b/src/spiffworkflow_backend/services/process_instance_processor.py @@ -83,6 +83,12 @@ from spiffworkflow_backend.services.user_service import UserService # Sorry about all this crap. I wanted to move this thing to another file, but # importing a bunch of types causes circular imports. + +def _import(name: str, glbls: Dict[str, Any], *args: Any) -> None: + if name not in glbls: + raise ImportError(f"Import not allowed: {name}", name=name) + + DEFAULT_GLOBALS.update( { "datetime": datetime, @@ -92,6 +98,7 @@ DEFAULT_GLOBALS.update( ) # This will overwrite the standard builtins DEFAULT_GLOBALS.update(safe_globals) +DEFAULT_GLOBALS["__builtins__"]["__import__"] = _import class CustomBpmnScriptEngine(PythonScriptEngine): # type: ignore diff --git a/tests/spiffworkflow_backend/unit/test_restricted_script_engine.py b/tests/spiffworkflow_backend/unit/test_restricted_script_engine.py index a04dbbec..9b6f1bb3 100644 --- a/tests/spiffworkflow_backend/unit/test_restricted_script_engine.py +++ b/tests/spiffworkflow_backend/unit/test_restricted_script_engine.py @@ -55,4 +55,4 @@ class TestImportModule(BaseTest): with pytest.raises(ApiError) as exception: processor.do_engine_steps(save=True) - assert "ImportError:__import__ not found" in str(exception.value) + assert "Import not allowed: os" in str(exception.value)