Python expressions from the clipboard

Ircama · Ircama · commit 88f3cec9b1aa · 2022-12-12T22:28:45.000+01:00
diff --git a/construct_editor/widgets/hex_editor.py b/construct_editor/widgets/hex_editor.py
@@ -9,6 +9,8 @@
 from typing import Optional, Callable, List
 import math
 import typing as t
+from tokenize import tokenize, NAME, TokenError
+from io import BytesIO
 
 from construct_editor.helper import CallbackList
 
@@ -606,6 +608,14 @@ class HexEditorGrid(Grid.Grid):
     Grid for editing in hexidecimal notation.
     """
 
+    safe_tokens = [
+        "bytes", "fromhex", "int", "False", "True", "len", "str", "strip",
+        "not", "or", "and", "in", "for", "i", "range", "if", "else", "title",
+        "lower", "upper", "count", "hex", "decode", "encode", "endswith",
+        "startswith", "join", "lstrip", "replace", "rstrip", "split", "rsplit",
+        "lsplit", "zfill", "n"
+    ]
+
     def __init__(
         self,
         editor: "HexEditor",
@@ -919,17 +929,48 @@ def _paste(self, overwrite: bool = False, insert: bool = False) -> bool:
         wx.TheClipboard.GetData(clipboard)
         wx.TheClipboard.Close()
         byts_str: str = clipboard.GetText()
+        org_byts_str = byts_str
 
         # convert string to bytes
         try:
             byts_str = byts_str.replace(" ", "")
+            byts_str = byts_str.replace("'", "")
+            byts_str = byts_str.replace('"', '')
             byts = bytes.fromhex(byts_str)
         except Exception as e:
-            wx.MessageBox(
-                f"Can't convert data from clipboard to bytes.\n\n{str(e)}\n\nClipboard Data:\n{byts_str}",
-                "Warning",
-            )
-            return False
+            try:
+                g = tokenize(BytesIO(org_byts_str.encode('utf-8')).readline)
+                for toknum, tokval, _, _, _ in g:
+                    if toknum == NAME and tokval not in self.safe_tokens:
+                        wx.MessageBox(
+                            f'Unauthorized token "{tokval}" included in '
+                            f"input data.\n\nClipboard Data:\n{byts_str}",
+                            "Error",
+                        )
+                        return False
+            except TokenError as e:
+                wx.MessageBox(
+                    f"Malformed input data.\n\n{str(e)}"
+                    f"\n\nClipboard Data:\n{byts_str}",
+                    "Error",
+                )
+                return False
+            try:
+                byts = eval(org_byts_str.strip())
+                if not isinstance(byts, bytes):
+                    wx.MessageBox(
+                        f"Improper Python string in the clipboard.\n\n{str(e)}"
+                        f"\n\nClipboard Data:\n{byts_str}",
+                        "Error",
+                    )
+                    return False
+            except Exception as e:
+                wx.MessageBox(
+                    f"Can't convert data from clipboard to bytes.\n\n{str(e)}"
+                    f"\n\nClipboard Data:\n{byts_str}",
+                    "Warning",
+                )
+                return False
 
         # copy new data to the binary data
         if overwrite:
