From d938aacdfc77db8b9d18da9e6afcabd81f71be93 Mon Sep 17 00:00:00 2001
From: Sean Morgan
Date: Mon, 8 Jan 2024 08:29:49 -0800
Subject: [PATCH] Add attrgetter to DEFAULT unsafe
---
 modelscan/settings.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modelscan/settings.py b/modelscan/settings.py
index d2173a9..dfb2b6d 100644
--- a/modelscan/settings.py
+++ b/modelscan/settings.py
@@ -78,6 +78,7 @@
 "socket": "*",
 "subprocess": "*",
 "sys": "*",
+ "operator": "attrgetter", # Ex of code execution: operator.attrgetter("system")(__import__("os"))("echo pwned")
 },
 "HIGH": {
 "webbrowser": "*", # Includes webbrowser.open()
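Review bot: The value on the added `"operator"` line is a bare string, whereas the neighbouring entries use the `"*"` wildcard. If the scanner that reads this table (not visible in this hunk) tests names with `in`, a string makes that a substring test, so an unrelated short name such as `ge` would also match and be flagged at this severity. A one-element list keeps the match exact: `"operator": ["attrgetter"],`. Separately, a single listed name is a narrow denylist, so it is worth confirming whether other attribute-resolving helpers in `operator` need coverage, or whether `"*"` is acceptable here as it is for `subprocess` and `sys`. The enclosing dict starts and ends outside the hunk.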