From 0f19d63bb0cc3974d6ccf8a667f65ed41de7b04c Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>
Date: Fri, 14 Dec 2018 15:48:08 +0300
Subject: [PATCH] restricting usage of built-ins in user's code

---
 .../auto_annotation/js/auto_annotation.js     | 17 ++++++------
 cvat/apps/auto_annotation/views.py            | 26 ++++++++++++++-----
 2 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/cvat/apps/auto_annotation/static/auto_annotation/js/auto_annotation.js b/cvat/apps/auto_annotation/static/auto_annotation/js/auto_annotation.js
index 86f22c081a8f..3f7daadf5deb 100644
--- a/cvat/apps/auto_annotation/static/auto_annotation/js/auto_annotation.js
+++ b/cvat/apps/auto_annotation/static/auto_annotation/js/auto_annotation.js
@@ -52,8 +52,7 @@ window.cvat.dashboard.uiCallbacks.push(function(newElements) {
         },
         error: (data) => {
             let message = `Can not get auto annotation meta info. Code: ${data.status}. Message: ${data.responseText || data.statusText}`;
-            showMessage(message);
-            throw Error(message);
+            window.cvat.auto_annotation.badResponse(message);
         }
     });
 });
@@ -84,10 +83,15 @@ window.cvat.auto_annotation = {
             }).fail((data) => {
                 let message = `Error was occured during check annotation status. ` +
                 `Code: ${data.status}, text: ${data.responseText || data.statusText}`;
-                badResponse(message);
+                window.cvat.auto_annotation.badResponse(message);
             });
         }
     },
+
+    badResponse(message) {
+        showMessage(message);
+        throw Error(message);
+    },
 };
 
 document.addEventListener("DOMContentLoaded", () => {
@@ -168,12 +172,9 @@ document.addEventListener("DOMContentLoaded", () => {
         }).fail((data) => {
             let message = `Error was occured during run annotation request. ` +
                 `Code: ${data.status}, text: ${data.responseText || data.statusText}`;
-            badResponse(message);
+            window.cvat.auto_annotation.badResponse(message);
         });
 
-        function badResponse(message) {
-            showMessage(message);
-            throw Error(message);
-        }
+
     });
 });
diff --git a/cvat/apps/auto_annotation/views.py b/cvat/apps/auto_annotation/views.py
index 3c38d930001b..14488edfd1a2 100644
--- a/cvat/apps/auto_annotation/views.py
+++ b/cvat/apps/auto_annotation/views.py
@@ -51,13 +51,6 @@ def load_model(model_file, weights_file, config_file):
 
     return model, class_names
 
-def process_detections(detections, path_to_conv_script):
-    import importlib.util
-    spec = importlib.util.spec_from_file_location('converter', path_to_conv_script)
-    converter = importlib.util.module_from_spec(spec)
-    spec.loader.exec_module(converter)
-    return converter.process_detections(detections)
-
 def create_anno_container():
     return {
         "boxes": [],
@@ -70,6 +63,25 @@ def create_anno_container():
         "points_paths": [],
     }
 
+def process_detections(detections, path_to_conv_script):
+    results = create_anno_container()
+    global_vars = {
+        '__builtins__': {
+            'str': str,
+            'int': int,
+            'float': float,
+            'max': max,
+            'min': min,
+            'range': range,
+            },
+        }
+    local_vars = {
+        'detections': detections,
+        'results': results,
+        }
+    exec (open(path_to_conv_script).read(), global_vars, local_vars)
+    return results
+
 def run_inference_engine_annotation(path_to_data, model_file, weights_file, config_file, convertation_file, job, update_progress, db_labels):
     result = {
         'create': create_anno_container(),