vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: check return type of getattr (#37873)

Browse source
This commit is contained in:
Ankush Menat 2026-03-09 19:34:25 +05:30 committed by GitHub
parent 2aced82d81
commit 546100ec60
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
frappe/utils/safe_exec.py
View file

@ -543,7 +543,11 @@ def _getattr_for_safe_exec(object, name, default=None):
# 2. it is not an UNSAFE_ATTRIBUTES
_validate_attribute_read(object, name)
return RestrictedPython.Guards.safer_getattr(object, name, default=default)
ret = RestrictedPython.Guards.safer_getattr(object, name, default=default)
if isinstance(ret, types.ModuleType | types.CodeType | types.TracebackType | types.FrameType):
raise SyntaxError(f"Reading {type(ret)} is not allowed")
return ret
def _get_attr_for_eval(object, name, default=ARGUMENT_NOT_SET):