diff --git a/python/PyQt6/core/auto_additions/qgis.py b/python/PyQt6/core/auto_additions/qgis.py
index 0f59f830870..b8201f90ad7 100644
--- a/python/PyQt6/core/auto_additions/qgis.py
+++ b/python/PyQt6/core/auto_additions/qgis.py
@@ -6228,6 +6228,9 @@ QgsProcessingAlgorithm.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.Requir
 QgsProcessingAlgorithm.Flag.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.RequiresProject
 QgsProcessingAlgorithm.FlagRequiresProject.is_monkey_patched = True
 QgsProcessingAlgorithm.FlagRequiresProject.__doc__ = "The algorithm requires that a valid QgsProject is available from the processing context in order to execute"
+QgsProcessingAlgorithm.SecurityRisk = Qgis.ProcessingAlgorithmFlag.SecurityRisk
+QgsProcessingAlgorithm.SecurityRisk.is_monkey_patched = True
+QgsProcessingAlgorithm.SecurityRisk.__doc__ = "The algorithm represents a potential security risk if executed with untrusted inputs. \n.. versionadded:: 3.40"
 QgsProcessingAlgorithm.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.Flag.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.FlagDeprecated.is_monkey_patched = True
@@ -6296,6 +6299,10 @@ Qgis.ProcessingAlgorithmFlag.__doc__ = """Flags indicating how and when an algor
 Available as ``QgsProcessingAlgorithm.FlagRequiresProject`` in older QGIS releases.
+* ``SecurityRisk``: The algorithm represents a potential security risk if executed with untrusted inputs.
+
+ .. versionadded:: 3.40
+
 * ``Deprecated``: Algorithm is deprecated
 Available as ``QgsProcessingAlgorithm.FlagDeprecated`` in older QGIS releases.
diff --git a/python/PyQt6/core/auto_generated/qgis.sip.in b/python/PyQt6/core/auto_generated/qgis.sip.in
index 4de51989d53..7f7611f34e5 100644
--- a/python/PyQt6/core/auto_generated/qgis.sip.in
+++ b/python/PyQt6/core/auto_generated/qgis.sip.in
@@ -1922,6 +1922,7 @@ The development version
 SkipGenericModelLogging,
 NotAvailableInStandaloneTool,
 RequiresProject,
+ SecurityRisk,
 Deprecated,
 };
diff --git a/python/core/auto_additions/qgis.py b/python/core/auto_additions/qgis.py
index db67ec7a24b..095bf396602 100644
--- a/python/core/auto_additions/qgis.py
+++ b/python/core/auto_additions/qgis.py
@@ -6171,6 +6171,9 @@ QgsProcessingAlgorithm.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.Requir
 QgsProcessingAlgorithm.Flag.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.RequiresProject
 QgsProcessingAlgorithm.FlagRequiresProject.is_monkey_patched = True
 QgsProcessingAlgorithm.FlagRequiresProject.__doc__ = "The algorithm requires that a valid QgsProject is available from the processing context in order to execute"
+QgsProcessingAlgorithm.SecurityRisk = Qgis.ProcessingAlgorithmFlag.SecurityRisk
+QgsProcessingAlgorithm.SecurityRisk.is_monkey_patched = True
+QgsProcessingAlgorithm.SecurityRisk.__doc__ = "The algorithm represents a potential security risk if executed with untrusted inputs. \n.. versionadded:: 3.40"
 QgsProcessingAlgorithm.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.Flag.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.FlagDeprecated.is_monkey_patched = True
@@ -6239,6 +6242,10 @@ Qgis.ProcessingAlgorithmFlag.__doc__ = """Flags indicating how and when an algor
 Available as ``QgsProcessingAlgorithm.FlagRequiresProject`` in older QGIS releases.
+* ``SecurityRisk``: The algorithm represents a potential security risk if executed with untrusted inputs.
+
+ .. versionadded:: 3.40
+
 * ``Deprecated``: Algorithm is deprecated
 Available as ``QgsProcessingAlgorithm.FlagDeprecated`` in older QGIS releases.
diff --git a/python/core/auto_generated/qgis.sip.in b/python/core/auto_generated/qgis.sip.in
index 8d685aaa33f..fdbaad9f57a 100644
--- a/python/core/auto_generated/qgis.sip.in
+++ b/python/core/auto_generated/qgis.sip.in
@@ -1922,6 +1922,7 @@ The development version
 SkipGenericModelLogging,
 NotAvailableInStandaloneTool,
 RequiresProject,
+ SecurityRisk,
 Deprecated,
 };
diff --git a/python/plugins/processing/algs/qgis/FieldPyculator.py b/python/plugins/processing/algs/qgis/FieldPyculator.py
index a626d0f592c..72fed984c2b 100644
--- a/python/plugins/processing/algs/qgis/FieldPyculator.py
+++ b/python/plugins/processing/algs/qgis/FieldPyculator.py
@@ -22,7 +22,8 @@ __copyright__ = '(C) 2012, Victor Olaya & NextGIS'
 import sys
 from qgis.PyQt.QtCore import QMetaType
-from qgis.core import (QgsProcessingException,
+from qgis.core import (Qgis,
+ QgsProcessingException,
 QgsField,
 QgsFields,
 QgsFeatureSink,
@@ -47,6 +48,11 @@ class FieldsPyculator(QgisAlgorithm):
 OUTPUT = 'OUTPUT'
 RESULT_VAR_NAME = 'value'
+ def flags(self):
+ # This algorithm represents a security risk, due to the use
+ # of the Python "exec" function
+ return super().flags() | Qgis.ProcessingAlgorithmFlag.SecurityRisk
+
 def group(self):
 return self.tr('Vector table')
diff --git a/src/core/qgis.h b/src/core/qgis.h
index 14ea99d1f3d..397a5bf681f 100644
--- a/src/core/qgis.h
+++ b/src/core/qgis.h
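Review bot: The comment on the new `flags()` override in FieldsPyculator names the mechanism (`exec`) but not the consequence, which is what a maintainer deciding whether to honour the flag needs: the user-supplied Python in this algorithm's parameters runs in the QGIS process, so anyone who can supply those parameters (for example through a model or project obtained from an untrusted source) gets arbitrary code execution with the user's privileges. I would replace the two comment lines with `# The user-supplied formula is exec'd as Python inside the QGIS process, so running this algorithm with parameters from an untrusted source (e.g. a downloaded model or project) is arbitrary code execution with the user's privileges; front-ends must honour this flag.` Note that nothing in this diff consumes `SecurityRisk` — the flag is metadata only, and the actual risk is unchanged until model/script loaders, `qgis_process` or similar check it (presumably a follow-up; worth confirming). The enclosing class `FieldsPyculator` starts outside the hunk.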
@@ -3303,6 +3303,7 @@ class CORE_EXPORT Qgis
 SkipGenericModelLogging SIP_MONKEYPATCH_COMPAT_NAME( FlagSkipGenericModelLogging ) = 1 << 12, //!< When running as part of a model, the generic algorithm setup and results logging should be skipped
 NotAvailableInStandaloneTool SIP_MONKEYPATCH_COMPAT_NAME( FlagNotAvailableInStandaloneTool ) = 1 << 13, //!< Algorithm should not be available from the standalone "qgis_process" tool. Used to flag algorithms which make no sense outside of the QGIS application, such as "select by..." style algorithms.
 RequiresProject SIP_MONKEYPATCH_COMPAT_NAME( FlagRequiresProject ) = 1 << 14, //!< The algorithm requires that a valid QgsProject is available from the processing context in order to execute
+ SecurityRisk = 1 << 15, //!< The algorithm represents a potential security risk if executed with untrusted inputs. \since QGIS 3.40
 Deprecated SIP_MONKEYPATCH_COMPAT_NAME( FlagDeprecated ) = HideFromToolbox | HideFromModeler, //!< Algorithm is deprecated
 };
 Q_ENUM( ProcessingAlgorithmFlag );
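Review bot: The doc comment on the new `SecurityRisk` enumerator says the algorithm is risky but not what a consumer of the flag is expected to do about it, so the contract is left to each front-end to guess (skip, warn, or require confirmation), which is exactly the kind of ambiguity that lets one code path forget to check. I would make the expectation explicit: `//!< The algorithm can execute arbitrary code or otherwise cause harm when run with untrusted inputs (e.g. a model or project from an unknown source). Front-ends that run algorithms from untrusted sources should refuse to run, or require explicit user confirmation for, algorithms carrying this flag. \since QGIS 3.40`. The bit value itself is fine: `1 << 15` is the next free bit after `RequiresProject` and does not collide with the composite `Deprecated` value, and omitting `SIP_MONKEYPATCH_COMPAT_NAME` is correct for a flag with no legacy name.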