Fix remote exploit

- fixes the exploit so that 0.6.2 can be used in tests
2020-10-01 15:40:08 +02:00 · 2020-10-01 15:40:08 +02:00 · 3822c1e934
commit 3822c1e934
parent b304872b68
1 changed files with 5 additions and 3 deletions
--- a/src/messagetypes/init.py
+++ b/src/messagetypes/init.py
@ -3,8 +3,10 @@ from os import path, listdir
 from string import lower

 from debug import logger
+import messagetypes
 import paths

+
 class MsgBase(object):
    def encode(self):
        self.data = {"": lower(type(self).__name__)}
@ -12,8 +14,8 @@ class MsgBase(object):

 def constructObject(data):
    try:
-        classBase = eval(data[""] + "." + data[""].title())
-    except NameError:
+        classBase = getattr(getattr(messagetypes, data[""]), data[""].title())
+    except (NameError, AttributeError):
        logger.error("Don't know how to handle message type: \"%s\"", data[""])
        return None
    try:
@ -39,7 +41,7 @@ else:
        if splitted[1] != ".py":
            continue
        try:
-            import_module("." + splitted[0], "messagetypes")
+            import_module(".{}".format(splitted[0]), "messagetypes")
        except ImportError:
            logger.error("Error importing %s", mod, exc_info=True)
        else: