Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2d839f3

Browse files
author
Mario Beretta
committed
Validate assembly name before calling LoadAssembly
1 parent dc3c818 commit 2d839f3

1 file changed

Lines changed: 10 additions & 1 deletion

File tree

src/runtime/moduleobject.cs

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
using System.IO;
55
using System.Reflection;
66
using System.Runtime.InteropServices;
7+
using System.Text.RegularExpressions;
78

89
namespace Python.Runtime
910
{
@@ -504,6 +505,13 @@ public static bool SuppressOverloads
504505
set { _SuppressOverloads = value; }
505506
}
506507

508+
private static bool IsValidAssemblyName(string name)
509+
{
510+
string typeName = name.Split(',')[0];
511+
if (typeName.Contains(Path.DirectorySeparatorChar)) return false;
512+
return true;
513+
}
514+
507515
[ModuleFunction]
508516
[ForbidPythonThreads]
509517
public static Assembly AddReference(string name)
@@ -518,7 +526,8 @@ public static Assembly AddReference(string name)
518526
}
519527
if (assembly == null)
520528
{
521-
assembly = AssemblyManager.LoadAssembly(name);
529+
if (IsValidAssemblyName(name))
530+
assembly = AssemblyManager.LoadAssembly(name);
522531
}
523532
if (assembly == null)
524533
{

0 commit comments

Comments
 (0)