Commit a8db2a2c authored by Mike Hommey's avatar Mike Hommey
Browse files

Bug 1258619 - Properly sandbox functions inside a template. r=chmanchester 

The way functions are being sandboxed in moz.configure land is that
their global namespace is being replaced with a limited and identifiable
dict. And we avoid re-wrapping a function that already received this
treatment.

The problem is that template functions have their global namespace
replaced, and any function that is defined within the template inherits
that global namespace. So when it comes time to wrap those functions
defined in templates with e.g. depends, we detect that they're already
wrapped although they are not, because we look if their global namespace
is of the recognizable type we use when replacing it.

So instead of looking at the global namespace type, keep track of all
functions that are wrapped.
parent 2ee88557

build/moz.configure/init.configure

+1 −1
Original line number Diff line number Diff line
@@ -239,9 +239,9 @@ def command_line_helper(): 
# All options defined above this point can't be injected in mozconfig_options

# below, so collect them.

@template

@advanced

def early_options():

    @depends('--help')

    @advanced

    def early_options(help):

        return set(

            option.env

python/mozbuild/mozbuild/configure/__init__.py

+5 −1
Original line number Diff line number Diff line
@@ -133,6 +133,9 @@ class ConfigureSandbox(dict): 
        # infered.

        self._implied_options = {}



        # Store all results from _prepare_function

        self._prepared_functions = set()



        self._helper = CommandLineHelper(environ, argv)



        self._config, self._stdout, self._stderr = config, stdout, stderr
@@ -425,7 +428,7 @@ class ConfigureSandbox(dict): 
        '''

        if not inspect.isfunction(func):

            raise TypeError("Unexpected type: '%s'" % type(func))

        if isinstance(func.func_globals, SandboxedGlobal):

        if func in self._prepared_functions:

            return func, func.func_globals



        glob = SandboxedGlobal(func.func_globals)
@@ -441,4 +444,5 @@ class ConfigureSandbox(dict): 
            func.func_defaults,

            func.func_closure

        ))

        self._prepared_functions.add(func)

        return func, glob