From 7c90e20a2c2db0a1941df16fcbfeac3bd7a35b96 Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Fri, 19 Dec 2025 07:09:11 +0300 Subject: [PATCH 1/5] gh-141778: add missing validation in ast.literal_eval() for non-string input This also changes parsing of the private `__text_signature__` attribute by inspect.signature(). Now we accept here only types, valid for ast.Constant(). --- Lib/ast.py | 13 +++++++++++-- Lib/inspect.py | 3 ++- Lib/test/test_ast/test_ast.py | 4 ++++ Lib/test/test_inspect/test_inspect.py | 4 +++- .../2025-12-19-07-09-02.gh-issue-141778.VdSWcy.rst | 2 ++ 5 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2025-12-19-07-09-02.gh-issue-141778.VdSWcy.rst diff --git a/Lib/ast.py b/Lib/ast.py index d9743ba7ab40b12..4badca2eabc76c0 100644 --- a/Lib/ast.py +++ b/Lib/ast.py @@ -59,17 +59,26 @@ def literal_eval(node_or_string): """ if isinstance(node_or_string, str): node_or_string = parse(node_or_string.lstrip(" \t"), mode='eval').body + return _convert_literal(node_or_string, True) elif isinstance(node_or_string, Expression): node_or_string = node_or_string.body return _convert_literal(node_or_string) -def _convert_literal(node): +_type_None = type(None) +_type_Ellipsis = type(...) + + +def _convert_literal(node, omit_validation=False): """ Used by `literal_eval` to convert an AST node into a value. """ if isinstance(node, Constant): - return node.value + if omit_validation: + return node.value + if type(value := node.value) in (str, bytes, int, float, complex, + bool, _type_None, _type_Ellipsis): + return value if isinstance(node, Dict) and len(node.keys) == len(node.values): return dict(zip( map(_convert_literal, node.keys), diff --git a/Lib/inspect.py b/Lib/inspect.py index 07c4e28f0d9952f..93c05a12c07bb5f 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -2216,7 +2216,8 @@ def wrap_value(s): except NameError: raise ValueError - if isinstance(value, (str, int, float, bytes, bool, type(None))): + if type(value) in (str, int, float, bytes, bool, complex, + type(None), type(...)): return ast.Constant(value) raise ValueError diff --git a/Lib/test/test_ast/test_ast.py b/Lib/test/test_ast/test_ast.py index d2b76b46dbe2eba..7bbdfc63eb424cc 100644 --- a/Lib/test/test_ast/test_ast.py +++ b/Lib/test/test_ast/test_ast.py @@ -1890,6 +1890,10 @@ def test_literal_eval(self): self.assertRaises(ValueError, ast.literal_eval, '++6') self.assertRaises(ValueError, ast.literal_eval, '+True') self.assertRaises(ValueError, ast.literal_eval, '2+3') + # gh-141778: reject values of invalid types + node = ast.Expression(body=ast.Constant(object())) + ast.fix_missing_locations(node) + self.assertRaises(ValueError, ast.literal_eval, node) def test_literal_eval_str_int_limit(self): with support.adjust_int_max_str_digits(4000): diff --git a/Lib/test/test_inspect/test_inspect.py b/Lib/test/test_inspect/test_inspect.py index 075e1802bebc3e5..97ee587b74d5cb9 100644 --- a/Lib/test/test_inspect/test_inspect.py +++ b/Lib/test/test_inspect/test_inspect.py @@ -6286,7 +6286,9 @@ def test_threading_module_has_signatures(self): def test_thread_module_has_signatures(self): import _thread no_signature = {'RLock'} - self._test_module_has_signatures(_thread, no_signature) + unsupported_signature = {'interrupt_main'} + self._test_module_has_signatures(_thread, no_signature, + unsupported_signature) def test_time_module_has_signatures(self): no_signature = { diff --git a/Misc/NEWS.d/next/Library/2025-12-19-07-09-02.gh-issue-141778.VdSWcy.rst b/Misc/NEWS.d/next/Library/2025-12-19-07-09-02.gh-issue-141778.VdSWcy.rst new file mode 100644 index 000000000000000..77257f65619a06a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-12-19-07-09-02.gh-issue-141778.VdSWcy.rst @@ -0,0 +1,2 @@ +Validate value types of :class:`ast.Constant` nodes in the +:func:`ast.literal_eval`. Patch by Sergey B Kirpichev. From e3c4a80229bcdd8547bedd42498948ae37be9fd1 Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Sun, 24 May 2026 11:56:16 +0300 Subject: [PATCH 2/5] revert unrelated change --- Lib/inspect.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/inspect.py b/Lib/inspect.py index 8a51ce3180fcee2..af6aa3eb37a53bb 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -2208,7 +2208,7 @@ def wrap_value(s): raise ValueError if isinstance(value, (str, int, float, bytes, bool, type(None), - type(...), sentinel)): + sentinel)): return ast.Constant(value) raise ValueError From 53e962015ef54bbd755890f347779fac41b7e32a Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Sun, 24 May 2026 14:08:22 +0300 Subject: [PATCH 3/5] simplify check for permitted types --- Lib/ast.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/ast.py b/Lib/ast.py index e662063bcc1337a..2df029ec005a79d 100644 --- a/Lib/ast.py +++ b/Lib/ast.py @@ -65,8 +65,8 @@ def literal_eval(node_or_string): return _convert_literal(node_or_string) -_type_None = type(None) -_type_Ellipsis = type(...) +_permitted_literal_types = (str, bytes, int, float, complex, + bool, type(None), type(...)) def _convert_literal(node, omit_validation=False): @@ -76,8 +76,7 @@ def _convert_literal(node, omit_validation=False): if isinstance(node, Constant): if omit_validation: return node.value - if type(value := node.value) in (str, bytes, int, float, complex, - bool, _type_None, _type_Ellipsis): + if type(value := node.value) in _permitted_literal_types: return value if isinstance(node, Dict) and len(node.keys) == len(node.values): return dict(zip( From fc46e56857ec24fd7ecb81bfabf4f288ed0eee83 Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Sun, 24 May 2026 14:08:46 +0300 Subject: [PATCH 4/5] don't misuse ast.Constant() in the inspect module --- Lib/inspect.py | 28 ++++++++++----------------- Lib/test/test_inspect/test_inspect.py | 8 +++----- 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/Lib/inspect.py b/Lib/inspect.py index af6aa3eb37a53bb..499383c60896786 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -2209,7 +2209,7 @@ def wrap_value(s): if isinstance(value, (str, int, float, bytes, bool, type(None), sentinel)): - return ast.Constant(value) + return ast.parse(s) raise ValueError class RewriteSymbolics(ast.NodeTransformer): @@ -2230,28 +2230,20 @@ def visit_Name(self, node): raise ValueError() return wrap_value(node.id) - def visit_BinOp(self, node): - # Support constant folding of a couple simple binary operations - # commonly used to define default values in text signatures - left = self.visit(node.left) - right = self.visit(node.right) - if not isinstance(left, ast.Constant) or not isinstance(right, ast.Constant): - raise ValueError - if isinstance(node.op, ast.Add): - return ast.Constant(left.value + right.value) - elif isinstance(node.op, ast.Sub): - return ast.Constant(left.value - right.value) - elif isinstance(node.op, ast.BitOr): - return ast.Constant(left.value | right.value) - raise ValueError - def p(name_node, default_node, default=empty): name = parse_name(name_node) if default_node and default_node is not _empty: try: default_node = RewriteSymbolics().visit(default_node) - default = ast.literal_eval(default_node) - except ValueError: + default_source = ast.unparse(default_node) + try: + default = eval(default_source, module_dict) + except NameError: + try: + default = eval(default_source, sys_module_dict) + except NameError: + raise ValueError + except ValueError as exc: raise ValueError("{!r} builtin has invalid signature".format(obj)) from None parameters.append(Parameter(name, kind, default=default, annotation=empty)) diff --git a/Lib/test/test_inspect/test_inspect.py b/Lib/test/test_inspect/test_inspect.py index a0c4b0030a0fd4b..33e1b3b5b2cbd26 100644 --- a/Lib/test/test_inspect/test_inspect.py +++ b/Lib/test/test_inspect/test_inspect.py @@ -6287,9 +6287,9 @@ def test_operator_module_has_signatures(self): self._test_module_has_signatures(operator) def test_os_module_has_signatures(self): - unsupported_signature = {'chmod', 'utime'} + unsupported_signature = {'utime'} unsupported_signature |= {name for name in - ['get_terminal_size', 'link', 'register_at_fork', 'startfile'] + ['get_terminal_size', 'register_at_fork', 'startfile'] if hasattr(os, name)} self._test_module_has_signatures(os, unsupported_signature=unsupported_signature) @@ -6339,9 +6339,7 @@ def test_threading_module_has_signatures(self): def test_thread_module_has_signatures(self): import _thread no_signature = {'RLock'} - unsupported_signature = {'interrupt_main'} - self._test_module_has_signatures(_thread, no_signature, - unsupported_signature) + self._test_module_has_signatures(_thread, no_signature) def test_time_module_has_signatures(self): no_signature = { From fdefe31c781157708b119a6fe4d96877e9a18762 Mon Sep 17 00:00:00 2001 From: Sergey B Kirpichev Date: Sun, 24 May 2026 16:34:07 +0300 Subject: [PATCH 5/5] w/a for pdb --- Lib/inspect.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Lib/inspect.py b/Lib/inspect.py index 499383c60896786..db99f1d53582f37 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -2209,7 +2209,7 @@ def wrap_value(s): if isinstance(value, (str, int, float, bytes, bool, type(None), sentinel)): - return ast.parse(s) + return ast.parse(s, mode='eval').body raise ValueError class RewriteSymbolics(ast.NodeTransformer): @@ -2237,12 +2237,15 @@ def p(name_node, default_node, default=empty): default_node = RewriteSymbolics().visit(default_node) default_source = ast.unparse(default_node) try: - default = eval(default_source, module_dict) - except NameError: + default = ast.literal_eval(default_source) + except ValueError: try: - default = eval(default_source, sys_module_dict) + default = eval(default_source, module_dict) except NameError: - raise ValueError + try: + default = eval(default_source, sys_module_dict) + except NameError: + raise ValueError except ValueError as exc: raise ValueError("{!r} builtin has invalid signature".format(obj)) from None parameters.append(Parameter(name, kind, default=default, annotation=empty))