Remove eval() from validate_cycler, which might allow code execution through a malicious matplotlibrc

scottshambaugh · scottshambaugh · commit 09b61ac9ae9b · 2026-03-06T17:29:20.000-07:00
diff --git a/lib/matplotlib/rcsetup.py b/lib/matplotlib/rcsetup.py
@@ -815,11 +815,44 @@ def cycler(*args, **kwargs):
     return reduce(operator.add, (ccycler(k, v) for k, v in validated))
 
 
-class _DunderChecker(ast.NodeVisitor):
-    def visit_Attribute(self, node):
-        if node.attr.startswith("__") and node.attr.endswith("__"):
-            raise ValueError("cycler strings with dunders are forbidden")
-        self.generic_visit(node)
+def _parse_cycler_string(s):
+    """
+    Parse a string representation of a cycler into a Cycler object safely,
+    without using eval().
+
+    Accepts expressions like::
+
+        cycler('color', ['r', 'g', 'b'])
+        cycler('color', 'rgb') + cycler('linewidth', [1, 2, 3])
+        cycler(c='rgb', lw=[1, 2, 3])
+        cycler('c', 'rgb') * cycler('linestyle', ['-', '--'])
+    """
+    try:
+        tree = ast.parse(s, mode='eval')
+    except SyntaxError as e:
+        raise ValueError(f"Could not parse {s!r}: {e}") from e
+    return _eval_cycler_expr(tree.body)
+
+
+def _eval_cycler_expr(node):
+    """Recursively evaluate an AST node to build a Cycler object."""
+    if isinstance(node, ast.BinOp):
+        left = _eval_cycler_expr(node.left)
+        right = _eval_cycler_expr(node.right)
+        if isinstance(node.op, ast.Add):
+            return left + right
+        if isinstance(node.op, ast.Mult):
+            return left * right
+        raise ValueError(f"Unsupported operator: {type(node.op).__name__}")
+    if isinstance(node, ast.Call):
+        if not (isinstance(node.func, ast.Name) and node.func.id == 'cycler'):
+            raise ValueError("only the 'cycler()' function is allowed")
+        args = [ast.literal_eval(ast.unparse(a)) for a in node.args]
+        kwargs = {kw.arg: ast.literal_eval(ast.unparse(kw.value))
+                  for kw in node.keywords}
+        return cycler(*args, **kwargs)
+    raise ValueError(
+        f"Unsupported expression in cycler string: {ast.dump(node)}")
 
 
 # A validator dedicated to the named legend loc
@@ -870,25 +903,11 @@ def _validate_legend_loc(loc):
 def validate_cycler(s):
     """Return a Cycler object from a string repr or the object itself."""
     if isinstance(s, str):
-        # TODO: We might want to rethink this...
-        # While I think I have it quite locked down, it is execution of
-        # arbitrary code without sanitation.
-        # Combine this with the possibility that rcparams might come from the
-        # internet (future plans), this could be downright dangerous.
-        # I locked it down by only having the 'cycler()' function available.
-        # UPDATE: Partly plugging a security hole.
-        # I really should have read this:
-        # https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
-        # We should replace this eval with a combo of PyParsing and
-        # ast.literal_eval()
         try:
-            _DunderChecker().visit(ast.parse(s))
-            s = eval(s, {'cycler': cycler, '__builtins__': {}})
-        except BaseException as e:
+            s = _parse_cycler_string(s)
+        except Exception as e:
             raise ValueError(f"{s!r} is not a valid cycler construction: {e}"
                              ) from e
-    # Should make sure what comes from the above eval()
-    # is a Cycler object.
     if isinstance(s, Cycler):
         cycler_inst = s
     else:
