unpack question

[jsmith173]

I've the following code

#encoding: unicode_escape
a1,srt_rce,a2 = '''
\u0027\u0027\u0027\u002C\u0067\u0065\u0074\u0061\u0074\u0074\u0072\u0028\u005F\u005F\u0069\u006D\u0070\u006F\u0072\u0074\u005F\u005F\u0028\u0027\u006F\u0073\u0027\u0029\u002C\u0020\u0027\u0073\u0079\u0073\u0074\u0065\u006D\u0027\u0029\u002C\u0027\u0027\u0027
'''
srt_rce('whoami')

The unicode escape is: ''',getattr(import('os'), 'system'),'''

The protector code raises ValueError "too many values to unpack (expected 3)" in exec
In my protector code I have:
"iter_unpack_sequence": RestrictedPython.Guards.guarded_iter_unpack_sequence,
"unpack_sequence": RestrictedPython.Guards.guarded_unpack_sequence,

My question: Is this exception normal? Why the original code is not executed? What to do when I want to execute this code?

[d-maurer]

jsmith173 wrote at 2024-3-25 00:13 -0700:

I've the following code #encoding: unicode_escape a1,srt_rce,a2 = ''' \u0027\u0027\u0027\u002C\u0067\u0065\u0074\u0061\u0074\u0074\u0072\u0028\u005F\u005F\u0069\u006D\u0070\u006F\u0072\u0074\u005F\u005F\u0028\u0027\u006F\u0073\u0027\u0029\u002C\u0020\u0027\u0073\u0079\u0073\u0074\u0065\u006D\u0027\u0029\u002C\u0027\u0027\u0027 ''' ... The protector code raises ValueError "too many values to unpack (expected 3)" in exec

When I look at the code above, I would say `ValueError` is correct: The right hand side is a string with more than 3 characters, the left hand side wants 3 objects; `ValueError` is the expected outcome.

... My question: Is this exception normal?

Yes.

Why the original code is not executed?

It is **but** the "execution" of a string literal is the string literal.

What to do when I want to execute this code?

You do not put expressions into a string when you want the expressions evaluated (unless you use the string as source code for a compilation; in this case, however, you should show us the compilation code).