From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Mon, 8 Jun 2020 07:19:27 +0000 (-0700)
Subject: Deny eval() direct access to builtins (GH-20713) (GH-20714)
X-Git-Tag: v3.9.0b2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3deded947c79daf01b5f987ff43b7f067776f905;p=thirdparty%2FPython%2Fcpython.git

Deny eval() direct access to builtins (GH-20713) (GH-20714)
---

diff --git a/Lib/collections/__init__.py b/Lib/collections/__init__.py
index 011a0c1e7c19..d11d120d76d9 100644
--- a/Lib/collections/__init__.py
+++ b/Lib/collections/__init__.py
@@ -407,7 +407,8 @@ def namedtuple(typename, field_names, *, rename=False, defaults=None, module=Non
     # Create all the named tuple methods to be added to the class namespace
 
     s = f'lambda _cls, {arg_list}: _tuple_new(_cls, ({arg_list}))'
-    namespace = {'_tuple_new': tuple_new, '__name__': f'namedtuple_{typename}'}
+    namespace = {'_tuple_new': tuple_new,  '__builtins__': None,
+                 '__name__': f'namedtuple_{typename}'}
     __new__ = eval(s, namespace)
     __new__.__doc__ = f'Create new instance of {typename}({arg_list})'
     if defaults is not None: