Restrict shell escape (!) when sandboxed (#108)

RinZ27 · web-flow · commit af2eb64fcba7 · 2026-01-31T10:44:23.000-03:00
diff --git a/mathicsscript/__main__.py b/mathicsscript/__main__.py
@@ -233,6 +233,9 @@ def fmt_fun(query: Any) -> Any:
 
         except ShellEscapeException as e:
             source_code = e.line
+            if not settings.ENABLE_SYSTEM_COMMANDS:
+                shell.errmsg("System commands are disabled in sandboxed mode.")
+                continue
             if len(source_code) and source_code[1] == "!":
                 try:
                     print(open(source_code[2:], "r").read())
diff --git a/mathicsscript/interrupt.py b/mathicsscript/interrupt.py
@@ -54,6 +54,9 @@ def inspect_eval_loop(evaluation: Evaluation):
             query, source_code = evaluation.parse_feeder_returning_code(shell)
             # show_echo(source_code, evaluation)
             if len(source_code) and source_code[0] == "!" and shell is not None:
+                if not settings.ENABLE_SYSTEM_COMMANDS:
+                    print("System commands are disabled in sandboxed mode.")
+                    continue
                 subprocess.run(source_code[1:], shell=True)
                 if shell.definitions is not None:
                     shell.definitions.increment_line_no(1)
