Support and test cycler integer multiplication, concat, and slicing

scottshambaugh · ksunden · commit 29481437a65d · 2026-04-21T17:47:37.000-05:00
diff --git a/doc/users/next_whats_new/cycler_rcparam_security.rst b/doc/users/next_whats_new/cycler_rcparam_security.rst
@@ -2,9 +2,13 @@
 --------------------------------------------
 
 The ``axes.prop_cycle`` rcParam is now parsed safely without ``eval()``. Only
-literal ``cycler()`` calls combined with ``+`` and ``*`` are allowed. All
-previously valid cycler strings continue to work, for example:
+literal ``cycler()`` and ``concat()`` calls combined with ``+``, ``*``, and
+slicing are allowed. All previously valid cycler strings continue to work,
+for example:
 
 .. code-block:: none
 
    axes.prop_cycle : cycler('color', ['r', 'g', 'b']) + cycler('linewidth', [1, 2, 3])
+   axes.prop_cycle : 2 * cycler('color', 'rgb')
+   axes.prop_cycle : concat(cycler('color', 'rgb'), cycler('color', 'cmk'))
+   axes.prop_cycle : cycler('color', 'rgbcmk')[:3]
diff --git a/lib/matplotlib/rcsetup.py b/lib/matplotlib/rcsetup.py
@@ -30,7 +30,7 @@
 from matplotlib._enums import JoinStyle, CapStyle
 
 # Don't let the original cycler collide with our validating cycler
-from cycler import Cycler, cycler as ccycler
+from cycler import Cycler, concat as cconcat, cycler as ccycler
 
 
 @_api.caching_module_getattr
@@ -789,13 +789,32 @@ def _eval_cycler_expr(node):
             return left * right
         raise ValueError(f"Unsupported operator: {type(node.op).__name__}")
     if isinstance(node, ast.Call):
-        if not (isinstance(node.func, ast.Name) and node.func.id == 'cycler'):
-            raise ValueError("only the 'cycler()' function is allowed")
-        args = [ast.literal_eval(a) for a in node.args]
+        if not (isinstance(node.func, ast.Name)
+                and node.func.id in ('cycler', 'concat')):
+            raise ValueError(
+                "only the 'cycler()' and 'concat()' functions are allowed")
+        func = cycler if node.func.id == 'cycler' else cconcat
+        args = [_eval_cycler_expr(a) for a in node.args]
         kwargs = {kw.arg: ast.literal_eval(kw.value) for kw in node.keywords}
-        return cycler(*args, **kwargs)
-    raise ValueError(
-        f"Unsupported expression in cycler string: {ast.dump(node)}")
+        return func(*args, **kwargs)
+    if isinstance(node, ast.Subscript):
+        value = _eval_cycler_expr(node.value)
+        sl = node.slice
+        if isinstance(sl, ast.Slice):
+            s = slice(
+                ast.literal_eval(sl.lower) if sl.lower else None,
+                ast.literal_eval(sl.upper) if sl.upper else None,
+                ast.literal_eval(sl.step) if sl.step else None,
+            )
+            return value[s]
+        raise ValueError("only slicing is supported, not indexing")
+    # Allow literal values (int, strings, lists, tuples) as arguments
+    # to cycler() and concat().
+    try:
+        return ast.literal_eval(node)
+    except (ValueError, TypeError):
+        raise ValueError(
+            f"Unsupported expression in cycler string: {ast.dump(node)}")
 
 
 # A validator dedicated to the named legend loc
diff --git a/lib/matplotlib/tests/test_rcparams.py b/lib/matplotlib/tests/test_rcparams.py
@@ -272,6 +272,12 @@ def generate_validator_testcases(valid):
                       cycler('linestyle', ['-', '--'])),
                      (cycler(mew=[2, 5]),
                       cycler('markeredgewidth', [2, 5])),
+                     ("2 * cycler('color', 'rgb')", 2 * cycler('color', 'rgb')),
+                     ("cycler('color', 'rgb') * 2", cycler('color', 'rgb') * 2),
+                     ("concat(cycler('color', 'rgb'), cycler('color', 'cmk'))",
+                      cycler('color', list('rgbcmk'))),
+                     ("cycler('color', 'rgbcmk')[:3]", cycler('color', list('rgb'))),
+                     ("cycler('color', 'rgb')[::-1]", cycler('color', list('bgr'))),
                      ),
          # validate_cycler() parses an arbitrary string using a safe
          # AST-based parser (no eval). These tests verify that only valid
