Much stricter lockdown via _check_disallowed_items plus adding ModuleWrapper

Author: danthedeckie

README.rst

@@ -443,6 +443,11 @@ A few builtin functions are listed in ``simpleeval.DISALLOW_FUNCTIONS``.  ``type
 If you need to give access to this kind of functionality to your expressions, then be very
 careful.  You'd be better wrapping the functions in your own safe wrappers.
 
+Accessing modules as attributes is disallowed too.
+
+Allowlist recommendation
+------------------------
+
 There is an additional layer of protection you can add in by passing in ``allowed_attrs``, which
 makes all attribute access based opt-in rather than opt-out - which is a lot safer design:
 
@@ -460,8 +465,8 @@ reasonably sensible defaults with BASIC_ALLOWED_ATTRS:
 
 is fine - ``strip()`` should be safe on strings.
 
-It is recommended to add ``allowed_attrs=BASIC_ALLOWED_ATTRS``  whenever possible, and it will
-be the default for 2.x.
+It is strongly recommended to add ``allowed_attrs=BASIC_ALLOWED_ATTRS``  whenever possible,
+and it will be the default for 2.x.
 
 You can add your own classes & limit access to attrs:
 
@@ -482,6 +487,48 @@ You can add your own classes & limit access to attrs:
 
 will now allow access to `foo.bar` but not allow anything else.
 
+Module Access
+-------------
+
+By default, module access is not allowed in simpleeval to prevent accidental or
+malicious access to dangerous functions. However, if you need to expose modules,
+(eg. `numpy` or similar) you can use ``ModuleWrapper`` to do so safely.
+
+``ModuleWrapper`` allows explicit opt-in to module access while still enforcing
+restrictions on dangerous methods and private attributes:
+
+.. code-block:: pycon
+
+    >>> from simpleeval import SimpleEval, ModuleWrapper
+    >>> import os.path
+    >>> s = SimpleEval(names={'path': ModuleWrapper(os.path)})
+    >>> s.eval("path.exists('/etc/passwd')")
+    True
+
+You can also restrict which attributes are accessible by passing an
+``allowed_attrs`` set:
+
+.. code-block:: pycon
+
+    >>> s = SimpleEval(names={
+    ...     'path': ModuleWrapper(os.path, allowed_attrs={'exists', 'join'})
+    ... })
+    >>> s.eval("path.exists('/etc/passwd')")
+    True
+    >>> s.eval("path.dirname('/etc/passwd')")  # Not in allowed_attrs
+    simpleeval.FeatureNotAvailable: Access to 'dirname' is not allowed...
+
+Private attributes (starting with ``_``) and methods in ``DISALLOW_METHODS``
+are always blocked, even if not using an allowlist:
+
+.. code-block:: pycon
+
+    >>> s = SimpleEval(names={'path': ModuleWrapper(os.path)})
+    >>> s.eval("path.__file__")
+    simpleeval.FeatureNotAvailable: Access to private attribute '__file__'...
+
+If you really really need that - you can make your own wrappers and overrides.
+But I advise against it.
 
 Other...
 --------

simpleeval.py

@@ -390,6 +390,50 @@ class MultipleExpressions(UserWarning):
 _ATTR_NOT_FOUND = object()
 
 
+class ModuleWrapper:
+    """Wraps a module to safely expose it in expressions.
+
+    By default, modules are not allowed in simpleeval names to prevent
+    accidental or malicious access to dangerous functions. ModuleWrapper
+    allows explicit opt-in to module access while still enforcing
+    restrictions on dangerous methods and functions.
+
+    Example:
+        >>> from simpleeval import SimpleEval, ModuleWrapper
+        >>> import os.path
+        >>> s = SimpleEval(names={'path': ModuleWrapper(os.path)})
+        >>> s.eval('path.exists("/etc/passwd")')  # Works
+    """
+
+    def __init__(self, module, allowed_attrs=None):
+        """
+        Args:
+            module: The module to wrap
+            allowed_attrs: Optional set of allowed attribute names.
+                          If None, all public attributes are allowed
+                          (but still subject to DISALLOW_METHODS checks).
+        """
+        if not isinstance(module, types.ModuleType):
+            raise TypeError(f"ModuleWrapper requires a module, got {type(module)}")
+        self._module = module
+        self._allowed_attrs = allowed_attrs
+
+    def __getattr__(self, name):
+        # Block private/magic attributes
+        if name.startswith("_"):
+            raise FeatureNotAvailable(f"Access to private attribute '{name}' is not allowed")
+
+        # Check if attribute is in disallowed methods list
+        if name in DISALLOW_METHODS:
+            raise FeatureNotAvailable(f"Method '{name}' is not allowed on modules")
+
+        # Check allowed_attrs whitelist if specified
+        if self._allowed_attrs is not None and name not in self._allowed_attrs:
+            raise FeatureNotAvailable(f"Access to '{name}' is not allowed on this wrapped module")
+
+        return getattr(self._module, name)
+
+
 ########################################
 # Default simple functions to include:
 
@@ -567,6 +611,28 @@ def __init__(self, operators=None, functions=None, names=None, allowed_attrs=Non
     def __del__(self):
         self.nodes = None
 
+    def _check_disallowed_items(self, item):
+        """Check if item contains disallowed functions or modules.
+        Recursively checks containers (list, dict, tuple).
+        Raises FeatureNotAvailable if forbidden content found.
+        ModuleWrapper instances are allowed (explicit opt-in to module access).
+        """
+        # Allow ModuleWrapper (explicit opt-in to module access)
+        if isinstance(item, ModuleWrapper):
+            return
+
+        if isinstance(item, types.ModuleType):
+            raise FeatureNotAvailable("Sorry, modules are not allowed")
+        if isinstance(item, Hashable) and item in DISALLOW_FUNCTIONS:
+            raise FeatureNotAvailable("This function is forbidden")
+
+        if isinstance(item, (list, tuple)):
+            for element in item:
+                self._check_disallowed_items(element)
+        elif isinstance(item, dict):
+            for value in item.values():
+                self._check_disallowed_items(value)
+
     @staticmethod
     def parse(expr):
         """parse an expression into a node tree"""
@@ -601,7 +667,9 @@ def _eval(self, node):
                 "Sorry, {0} is not available in this evaluator".format(type(node).__name__)
             )
 
-        return handler(node)
+        result = handler(node)
+        self._check_disallowed_items(result)
+        return result
 
     def _eval_expr(self, node):
         return self._eval(node.value)