Closed Bug 1259351 Opened 4 years ago Closed 4 years ago

templates defining decorators skip changing function global scope

Categories

(Firefox Build System :: General, defect)

defect
Not set

Tracking

(firefox48 fixed)

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: glandium, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Templates such as checking or deprecated_option implement decorators. With the way things currently work, this skips running _prepare_function on the decorated function, so the decorated function isn't set up with a restricted global scope. And since functions are not using __setitem__ when setting global variables, it means such functions could theoretically overwrite globals in the sandbox.

While not critical, because it's not likely to cause actual problems at the moment, it's possible it causes problems after bug 1256571, which would change the execution order, and might lead to templates and function declared later available to those functions, while it's not supposed to be the case.
Blocks: 1256573
Comment on attachment 8735314 [details]
MozReview Request: Bug 1259351 - Properly sandbox functions that are decorated with templates. r?nalexander

https://reviewboard.mozilla.org/r/42681/#review39315

Someday I hope to read decorator definitions and not need to work forward from first principles.
Attachment #8735314 - Flags: review?(nalexander) → review+
https://hg.mozilla.org/mozilla-central/rev/178b2c7228b6
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.