From 2d839f3dc0a601f720fc0c92ed1f67fc8056e9e6 Mon Sep 17 00:00:00 2001
From: Mario Beretta <mario.beretta@nielsen.com>
Date: Thu, 9 Sep 2021 12:59:10 +0000
Subject: [PATCH] Validate assembly name before calling LoadAssembly

---
 src/runtime/moduleobject.cs | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/runtime/moduleobject.cs b/src/runtime/moduleobject.cs
index c2614b1d8..7f0ffded3 100644
--- a/src/runtime/moduleobject.cs
+++ b/src/runtime/moduleobject.cs
@@ -4,6 +4,7 @@
 using System.IO;
 using System.Reflection;
 using System.Runtime.InteropServices;
+using System.Text.RegularExpressions;
 
 namespace Python.Runtime
 {
@@ -504,6 +505,13 @@ public static bool SuppressOverloads
             set { _SuppressOverloads = value; }
         }
 
+        private static bool IsValidAssemblyName(string name)
+        {
+            string typeName = name.Split(',')[0];
+            if (typeName.Contains(Path.DirectorySeparatorChar)) return false;
+            return true;
+        }
+
         [ModuleFunction]
         [ForbidPythonThreads]
         public static Assembly AddReference(string name)
@@ -518,7 +526,8 @@ public static Assembly AddReference(string name)
             }
             if (assembly == null)
             {
-                assembly = AssemblyManager.LoadAssembly(name);
+                if (IsValidAssemblyName(name))
+                    assembly = AssemblyManager.LoadAssembly(name);
             }
             if (assembly == null)
             {