From e6041bbdc7d915d4a956feb106a03fa2dce92a36 Mon Sep 17 00:00:00 2001
From: Paulo Ferraz
Date: Fri, 10 Jun 2022 15:56:12 -0300
Subject: [PATCH] Update #3 - Fix vulnerable eval() on monopoly plugin

---
 src/honeybot/plugins/downloaded/monopoly/main.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/honeybot/plugins/downloaded/monopoly/main.py b/src/honeybot/plugins/downloaded/monopoly/main.py
index afb694c..2c8eeb3 100644
--- a/src/honeybot/plugins/downloaded/monopoly/main.py
+++ b/src/honeybot/plugins/downloaded/monopoly/main.py
@@ -320,7 +320,10 @@ def get_rent(asset, asset_owner, move_amount):
         print(num_util)
         calc_string = asset.rents[num_util] + " " + str(move_amount)
         print(calc_string)
-        return eval(calc_string)
+        return eval(
+            calc_string, {"__builtins__": None},
+            {"str": str, "int": int, "float": float}
+        )
     elif isinstance(asset, Railroad):
         num_rail = len(