From f1f271abbeb409f53c8624cad20274a13b78c0f2 Mon Sep 17 00:00:00 2001 From: BodgeMaster <> Date: Sat, 26 Nov 2022 15:19:02 +0100 Subject: [PATCH] Enforce command/condition whitelist --- lambdaV.py | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/lambdaV.py b/lambdaV.py index 0d7c107..e2c7db9 100644 --- a/lambdaV.py +++ b/lambdaV.py @@ -304,9 +304,13 @@ def parse_condition(condition_code, allowed_conditions): else: debug_message(" Unknown condition: "+condition_code) return [condition, inverted, "Unknown condition: "+condition_code] + + if not condition_code in allowed_conditions: + return [condition, inverted, "Condition is not allowed here: "+condition_code] + return [condition, inverted, ""] -# returns [[functions], [arguments], -1, ""] or [[], [], error_position, "error message"] +# returns [[functions], [arguments], -1, "", "formatted code"] or [[], [], error_position, "error message", "formatted code"] def parse_code(code, allowed_commands, allowed_conditions, unformatted_code=True): if unformatted_code: code = format_code(code) @@ -328,15 +332,22 @@ def parse_code(code, allowed_commands, allowed_conditions, unformatted_code=True debug_message("Next command is: "+next_command) parsed_code[1].append(()) - #TODO: add function to to the function list if next_command == "step": parsed_code[0].append(command_step) + if not next_command in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+next_command, code] elif next_command == "left": parsed_code[0].append(command_left) + if not next_command in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+next_command, code] elif next_command == "right": parsed_code[0].append(command_right) + if not next_command in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+next_command, code] elif next_command == "take": parsed_code[0].append(command_take) + if not next_command in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+next_command, code] elif next_command == "repeat": return [[], [], next_space, "Syntax error: Number of repetitions missing", code] elif next_command == "while": @@ -354,6 +365,10 @@ def parse_code(code, allowed_commands, allowed_conditions, unformatted_code=True control_structure = code[parse_position:next_condition] if control_structure == "repeat": debug_message(" Type: repeat loop") + # This is checked here because otherwise it would throw a bogus error message for unknown control structures. + if not control_structure in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+control_structure, code] + parse_position = next_condition repetitions_length = get_length_of_condition(code[parse_position:]) if repetitions_length == -2: @@ -387,6 +402,10 @@ def parse_code(code, allowed_commands, allowed_conditions, unformatted_code=True continue elif control_structure == "if": debug_message(" Type: if statement") + # This is checked here because otherwise it would throw a bogus error message for unknown control structures. + if not control_structure in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+control_structure, code] + parse_position = next_condition condition_length = get_length_of_condition(code[parse_position:]) if condition_length == -2: @@ -432,6 +451,10 @@ def parse_code(code, allowed_commands, allowed_conditions, unformatted_code=True continue elif control_structure == "while": debug_message(" Type: while loop") + # This is checked here because otherwise it would throw a bogus error message for unknown control structures. + if not control_structure in allowed_commands: + return [[], [], parse_position, "Command is not allowed here: "+control_structure, code] + parse_position = next_condition condition_length = get_length_of_condition(code[parse_position:]) if condition_length == -2: